2017-08-25 18:42:07 +00:00
|
|
|
# Fail2ban Input Plugin
|
2017-06-21 19:42:13 +00:00
|
|
|
|
2017-08-25 18:42:07 +00:00
|
|
|
The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).
|
2017-06-21 19:42:13 +00:00
|
|
|
|
2017-08-25 18:42:07 +00:00
|
|
|
This plugin runs the `fail2ban-client` command which generally requires root access.
|
|
|
|
Acquiring the required permissions can be done using several methods:
|
2017-06-21 19:42:13 +00:00
|
|
|
|
2017-08-25 18:42:07 +00:00
|
|
|
- Use sudo run fail2ban-client.
|
|
|
|
- Run telegraf as root. (not recommended)
|
2017-06-21 19:42:13 +00:00
|
|
|
|
|
|
|
### Using sudo
|
|
|
|
|
2019-01-24 18:54:25 +00:00
|
|
|
You will need the following in your telegraf config:
|
|
|
|
```toml
|
|
|
|
[[inputs.fail2ban]]
|
|
|
|
use_sudo = true
|
|
|
|
```
|
2017-06-21 19:42:13 +00:00
|
|
|
|
2019-01-24 18:54:25 +00:00
|
|
|
You will also need to update your sudoers file:
|
|
|
|
```bash
|
|
|
|
$ visudo
|
|
|
|
# Add the following line:
|
|
|
|
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
|
|
|
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
|
|
|
|
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
|
2017-06-21 19:42:13 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
### Configuration:
|
|
|
|
|
2019-01-24 18:54:25 +00:00
|
|
|
```toml
|
2017-06-21 19:42:13 +00:00
|
|
|
# Read metrics from fail2ban.
|
|
|
|
[[inputs.fail2ban]]
|
2017-08-25 18:42:07 +00:00
|
|
|
## Use sudo to run fail2ban-client
|
2017-06-21 19:42:13 +00:00
|
|
|
use_sudo = false
|
|
|
|
```
|
|
|
|
|
|
|
|
### Measurements & Fields:
|
|
|
|
|
|
|
|
- fail2ban
|
|
|
|
- failed (integer, count)
|
|
|
|
- banned (integer, count)
|
|
|
|
|
|
|
|
### Tags:
|
|
|
|
|
|
|
|
- All measurements have the following tags:
|
|
|
|
- jail
|
2017-08-25 18:42:07 +00:00
|
|
|
|
2017-06-21 19:42:13 +00:00
|
|
|
### Example Output:
|
|
|
|
|
|
|
|
```
|
|
|
|
# fail2ban-client status sshd
|
|
|
|
Status for the jail: sshd
|
|
|
|
|- Filter
|
|
|
|
| |- Currently failed: 5
|
|
|
|
| |- Total failed: 20
|
|
|
|
| `- File list: /var/log/secure
|
|
|
|
`- Actions
|
|
|
|
|- Currently banned: 2
|
|
|
|
|- Total banned: 10
|
|
|
|
`- Banned IP list: 192.168.0.1 192.168.0.2
|
|
|
|
```
|
|
|
|
|
|
|
|
```
|
|
|
|
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
|
|
|
|
```
|