Update fail2ban readme
This commit is contained in:
parent
1557e9094d
commit
364bf38b4a
|
@ -1,31 +1,15 @@
|
|||
# Fail2ban Input Plugin
|
||||
|
||||
The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).
|
||||
The fail2ban plugin gathers the count of failed and banned ip addresses using
|
||||
[fail2ban](https://www.fail2ban.org).
|
||||
|
||||
This plugin runs the `fail2ban-client` command which generally requires root access.
|
||||
Acquiring the required permissions can be done using several methods:
|
||||
|
||||
- Use sudo run fail2ban-client.
|
||||
- [Use sudo](#using-sudo) run fail2ban-client.
|
||||
- Run telegraf as root. (not recommended)
|
||||
|
||||
### Using sudo
|
||||
|
||||
You will need the following in your telegraf config:
|
||||
```toml
|
||||
[[inputs.fail2ban]]
|
||||
use_sudo = true
|
||||
```
|
||||
|
||||
You will also need to update your sudoers file:
|
||||
```bash
|
||||
$ visudo
|
||||
# Add the following line:
|
||||
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
||||
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
|
||||
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Configuration:
|
||||
### Configuration
|
||||
|
||||
```toml
|
||||
# Read metrics from fail2ban.
|
||||
|
@ -34,18 +18,37 @@ Defaults!FAIL2BAN !logfile, !syslog, !pam_session
|
|||
use_sudo = false
|
||||
```
|
||||
|
||||
### Measurements & Fields:
|
||||
### Using sudo
|
||||
|
||||
Make sure to set `use_sudo = true` in your configuration file.
|
||||
|
||||
You will also need to update your sudoers file. It is recommended to modify a
|
||||
file in the `/etc/sudoers.d` directory using `visudo`:
|
||||
|
||||
```bash
|
||||
$ sudo visudo -f /etc/sudoers.d/telegraf
|
||||
```
|
||||
|
||||
Add the following lines to the file, these commands allow the `telegraf` user
|
||||
to call `fail2ban-client` without needing to provide a password and disables
|
||||
logging of the call in the auth.log. Consult `man 8 visudo` and `man 5
|
||||
sudoers` for details.
|
||||
```
|
||||
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
||||
telegraf ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
|
||||
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
|
||||
```
|
||||
|
||||
### Metrics
|
||||
|
||||
- fail2ban
|
||||
- tags:
|
||||
- jail
|
||||
- fields:
|
||||
- failed (integer, count)
|
||||
- banned (integer, count)
|
||||
|
||||
### Tags:
|
||||
|
||||
- All measurements have the following tags:
|
||||
- jail
|
||||
|
||||
### Example Output:
|
||||
### Example Output
|
||||
|
||||
```
|
||||
# fail2ban-client status sshd
|
||||
|
|
Loading…
Reference in New Issue