telegraf/plugins/inputs/fail2ban/README.md

# Fail2ban Input Plugin

The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).

This plugin runs the `fail2ban-client` command which generally requires root access.
Acquiring the required permissions can be done using several methods:

- Use sudo run fail2ban-client.
- Run telegraf as root. (not recommended)

### Using sudo

You will need the following in your telegraf config:
```toml
[[inputs.fail2ban]]
  use_sudo = true
```

You will also need to update your sudoers file:
```bash
$ visudo
# Add the following line:
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
```

### Configuration:

```toml
# Read metrics from fail2ban.
[[inputs.fail2ban]]
  ## Use sudo to run fail2ban-client
  use_sudo = false
```

### Measurements & Fields:

- fail2ban
  - failed (integer, count)
  - banned (integer, count)

### Tags:

- All measurements have the following tags:
  - jail

### Example Output:

```
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed:     20
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     10
   `- Banned IP list:   192.168.0.1 192.168.0.2
```

```
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
```
Update fail2ban documentation 2017-08-25 18:42:07 +00:00			`# Fail2ban Input Plugin`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00
Update fail2ban documentation 2017-08-25 18:42:07 +00:00			`The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00
Update fail2ban documentation 2017-08-25 18:42:07 +00:00			This plugin runs the `fail2ban-client` command which generally requires root access.
			`Acquiring the required permissions can be done using several methods:`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00
Update fail2ban documentation 2017-08-25 18:42:07 +00:00			`- Use sudo run fail2ban-client.`
			`- Run telegraf as root. (not recommended)`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00
			`### Using sudo`

Update sudo config recommendation (#5337) 2019-01-24 18:54:25 +00:00			`You will need the following in your telegraf config:`
			```toml
			`[[inputs.fail2ban]]`
			`use_sudo = true`
			```
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00
Update sudo config recommendation (#5337) 2019-01-24 18:54:25 +00:00			`You will also need to update your sudoers file:`
			```bash
			`$ visudo`
			`# Add the following line:`
			`Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *`
			`telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN`
			`Defaults!FAIL2BAN !logfile, !syslog, !pam_session`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00			```

			`### Configuration:`

Update sudo config recommendation (#5337) 2019-01-24 18:54:25 +00:00			```toml
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00			`# Read metrics from fail2ban.`
			`[[inputs.fail2ban]]`
Update fail2ban documentation 2017-08-25 18:42:07 +00:00			`## Use sudo to run fail2ban-client`
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00			`use_sudo = false`
			```

			`### Measurements & Fields:`

			`- fail2ban`
			`- failed (integer, count)`
			`- banned (integer, count)`

			`### Tags:`

			`- All measurements have the following tags:`
			`- jail`
Update fail2ban documentation 2017-08-25 18:42:07 +00:00
Add input plugin for Fail2ban (#2875) 2017-06-21 19:42:13 +00:00			`### Example Output:`

			```
			`# fail2ban-client status sshd`
			`Status for the jail: sshd`
			`\|- Filter`
			`\| \|- Currently failed: 5`
			`\| \|- Total failed: 20`
			\| `- File list: /var/log/secure
			`- Actions
			`\|- Currently banned: 2`
			`\|- Total banned: 10`
			`- Banned IP list: 192.168.0.1 192.168.0.2
			```

			```
			`fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000`
			```