Fail2ban Monitoring
Powerful performance with an easy integration, powered by Telegraf, the open source data connector built by InfluxData.
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data with InfluxDB, the #1 time series platform built to scale with Telegraf.
Why use a Telegraf plugin for Fail2ban?
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Using this Fail2ban Telegraf plugin will allow you to collect and monitor the failed and banned IP addresses that you specify over time.
How to monitor Fail2ban using the Telegraf plugin
The Fail2ban Telegraf Plugin gathers the count of failed and banned IP addresses using Fail2ban.
This plugin runs the fail2ban-client command which generally requires root access. Acquiring the required permissions can be done using several methods:
- Use sudo to run fail2ban-client.
- Run telegraf as root. (not recommended)
Example output
```
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed: 20
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned: 10
   `- Banned IP list: 192.168.0.1 192.168.0.2
```

```
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
```
Key Fail2ban metrics to use for monitoring
Some of the important Fail2ban metrics that you should proactively monitor include:
- tags:
  - jail
- fields:
  - failed (integer, count)
  - banned (integer, count)
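The mapping from the `fail2ban-client status` report to the `fail2ban` measurement shown above, as an added Python example (not Telegraf's own code). The function names and the sample text are constructed for illustration; the sketch assumes the report layout in the example output and takes the "Currently" counters, not the totals.

```python
import re

# Constructed sample of `fail2ban-client status sshd` output, matching the
# layout shown in the example output above.
SAMPLE_STATUS = """\
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed:     20
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     10
   `- Banned IP list:   192.168.0.1 192.168.0.2
"""

_JAIL_RE = re.compile(r"^Status for the jail:\s*(\S.*?)\s*$", re.M)
_COUNT_RE = re.compile(r"Currently (failed|banned):\s*(\d+)")


def parse_jail_status(text):
    """Return (jail, {"failed": n, "banned": n}) from one status report."""
    jail = _JAIL_RE.search(text)
    if jail is None:
        raise ValueError("no 'Status for the jail:' header found")
    counts = {kind: int(num) for kind, num in _COUNT_RE.findall(text)}
    missing = {"failed", "banned"} - counts.keys()
    if missing:
        # Refuse to emit a partial point: a silent 0 would hide a parse failure.
        raise ValueError(f"missing counters: {sorted(missing)}")
    return jail.group(1), counts


def escape_tag(value):
    """Escape the characters line protocol treats as special in tag values."""
    return re.sub(r"([,= ])", r"\\\1", value)


def to_line_protocol(text, timestamp_ns):
    """Render one status report as a fail2ban line-protocol point."""
    jail, counts = parse_jail_status(text)
    return (f"fail2ban,jail={escape_tag(jail)} "
            f"failed={counts['failed']}i,banned={counts['banned']}i {timestamp_ns}")


if __name__ == "__main__":
    print(to_line_protocol(SAMPLE_STATUS, 1495868667000000000))
```

Raising on a missing counter keeps a changed or truncated report from being recorded as zero failures and zero bans, which would look like a quiet jail on a dashboard.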