summaryrefslogtreecommitdiffstats
path: root/collectors/python.d.plugin/fail2ban/metadata.yaml
blob: 61f762679c9cda83bd5c77d66e4e2c8f172c4fdc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
plugin_name: python.d.plugin
modules:
  - meta:
      plugin_name: python.d.plugin
      module_name: fail2ban
      monitored_instance:
        name: Fail2ban
        link: https://www.fail2ban.org/
        categories:
          - data-collection.authentication-and-authorization
        icon_filename: "fail2ban.png"
      related_resources:
        integrations:
          list: []
      info_provided_to_referring_integrations:
        description: ""
      keywords:
        - fail2ban
        - security
        - authentication
        - authorization
      most_popular: false
    overview:
      data_collection:
        metrics_description: |
          Monitor Fail2ban performance for prime intrusion prevention operations. Monitor ban counts, jail statuses, and failed login attempts to ensure robust network security.
        method_description: |
          It collects metrics through reading the default log and configuration files of fail2ban.
      supported_platforms:
        include: []
        exclude: []
      multi_instance: true
      additional_permissions:
        description: |
          The `fail2ban.log` file must be readable by the user `netdata`.
            - change the file ownership and access permissions.
            - update `/etc/logrotate.d/fail2ban`` to persist the changes after rotating the log file.

          To change the file ownership and access permissions, execute the following:

          ```shell
          sudo chown root:netdata /var/log/fail2ban.log
          sudo chmod 640 /var/log/fail2ban.log
          ```

          To persist the changes after rotating the log file, add `create 640 root netdata` to the `/etc/logrotate.d/fail2ban`:

          ```shell
          /var/log/fail2ban.log {

              weekly
              rotate 4
              compress

              delaycompress
              missingok
              postrotate
                  fail2ban-client flushlogs 1>/dev/null
              endscript

              # If fail2ban runs as non-root it still needs to have write access
              # to logfiles.
              # create 640 fail2ban adm
              create 640 root netdata
          }
          ```
      default_behavior:
        auto_detection:
          description: |
            By default the collector will attempt to read log file at /var/log/fail2ban.log and conf file at /etc/fail2ban/jail.local.
            If conf file is not found default jail is ssh.
        limits:
          description: ""
        performance_impact:
          description: ""
    setup:
      prerequisites:
        list: []
      configuration:
        file:
          name: python.d/fail2ban.conf
          description: ""
        options:
          description: |
            There are 2 sections:

            * Global variables
            * One or more JOBS that can define multiple different instances to monitor.

            The following options can be defined globally: priority, penalty, autodetection_retry, update_every, but can also be defined per JOB to override the global values.

            Additionally, the following collapsed table contains all the options that can be configured inside a JOB definition.

            Every configuration JOB starts with a `job_name` value which will appear in the dashboard, unless a `name` parameter is specified.
          folding:
            title: Config options
            enabled: true
          list:
            - name: log_path
              description: path to fail2ban.log.
              default_value: /var/log/fail2ban.log
              required: false
            - name: conf_path
              description: path to jail.local/jail.conf.
              default_value: /etc/fail2ban/jail.local
              required: false
            - name: conf_dir
              description: path to jail.d/.
              default_value: /etc/fail2ban/jail.d/
              required: false
            - name: exclude
              description: jails you want to exclude from autodetection.
              default_value: ""
              required: false
            - name: update_every
              description: Sets the default data collection frequency.
              default_value: 1
              required: false
            - name: priority
              description: Controls the order of charts at the netdata dashboard.
              default_value: 60000
              required: false
            - name: autodetection_retry
              description: Sets the job re-check interval in seconds.
              default_value: 0
              required: false
            - name: penalty
              description: Indicates whether to apply penalty to update_every in case of failures.
              default_value: yes
              required: false
            - name: name
              description: Job name. This value will overwrite the `job_name` value. JOBS with the same name are mutually exclusive. Only one of them will be allowed running at any time. This allows autodetection to try several alternatives and pick the one that works.
              default_value: ""
              required: false
        examples:
          folding:
            enabled: true
            title: Config
          list:
            - name: Basic
              folding:
                enabled: false
              description: A basic example configuration.
              config: |
                local:
                  log_path: '/var/log/fail2ban.log'
                  conf_path: '/etc/fail2ban/jail.local'
    troubleshooting:
      problems:
        list:
          - name: Debug Mode
            description: |
              To troubleshoot issues with the `fail2ban` module, run the `python.d.plugin` with the debug option enabled.
              The output will give you the output of the data collection job or error messages on why the collector isn't working.

              First, navigate to your plugins directory, usually they are located under `/usr/libexec/netdata/plugins.d/`. If that's
              not the case on your system, open `netdata.conf` and look for the setting `plugins directory`. Once you're in the
              plugin's directory, switch to the `netdata` user.

              ```bash
              cd /usr/libexec/netdata/plugins.d/
              sudo su -s /bin/bash netdata
              ```

              Now you can manually run the `fail2ban` module in debug mode:

              ```bash
              ./python.d.plugin fail2ban debug trace
              ```
    alerts: []
    metrics:
      folding:
        title: Metrics
        enabled: false
      description: ""
      availability: []
      scopes:
        - name: global
          description: |
            These metrics refer to the entire monitored application.
          labels: []
          metrics:
            - name: fail2ban.failed_attempts
              description: Failed attempts
              unit: "attempts/s"
              chart_type: line
              dimensions:
                - name: a dimension per jail
            - name: fail2ban.bans
              description: Bans
              unit: "bans/s"
              chart_type: line
              dimensions:
                - name: a dimension per jail
            - name: fail2ban.banned_ips
              description: Banned IP addresses (since the last restart of netdata)
              unit: "ips"
              chart_type: line
              dimensions:
                - name: a dimension per jail