Fail2Ban Logs
Fail2ban is an intrusion prevention software framework that protects servers from brute-force attacks: after a predefined number of unsuccessful login attempts, it generates rules that automatically alter your iptables firewall configuration. The fail2ban logs list the IP addresses that are banned on the server. Site24x7 AppLogs has built-in support for fail2ban logs.
Getting started
1. Log in to your Site24x7 account.
2. Download and install the Site24x7 Server Monitoring Agent (Windows | Linux).
3. Go to Admin > AppLogs > Log Profile and select Add Log Profile.
4. Enter the Profile Name.
5. Select Fail2Ban Logs from the Choose the Log Type dropdown.
- The Sample Logs and Log Pattern are displayed below.
Sample Logs:
2018-03-11 11:52:07,305 fail2ban.actions[8765]: WARNING [nginx-forbidden] Ban 192.162.101.80
2018-03-11 11:52:07,379 fail2ban.actions[8765]: INFO [nginx-forbidden] 192.162.101.80 already banned
2018-03-11 12:52:08,128 fail2ban.actions[8765]: WARNING [nginx-forbidden] Unban 192.162.101.80
Each log line is split into fields according to the log pattern, and the field values are then uploaded to Site24x7.
- By default, this is the Log Pattern identified by AppLogs for fail2ban logs:
$Datetime:date$ $Action$! [$Code$]!: $LogLevel$ [$Process$] $ActionTaken$ $MachineIp$
- You can add a custom Log Pattern instead of the default one. To do so, click the pencil icon and specify your pattern.
6. Select the Local File as the Log Source.
7. By default, the path below is used as the file source:
Linux: "/var/log/fail2ban.log"
- If your source path is different from the default path, specify it in the List of files to search for logs field.
8. Select either monitors or monitor groups to collect the logs.
9. Click Save.
Dashboard
AppLogs creates an exclusive dashboard for every log type and shows a few widgets by default. Here's a list of the widgets available on the fail2ban logs dashboard:
- Type of Action Taken
- Banned Requests Trend
- Top Banned IPs
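To check locally how the sample lines split into the fields named in the default Log Pattern, and what the "Type of Action Taken" and "Top Banned IPs" tallies would contain, here is an added Python example (not Site24x7's parser or code from this page). The regular expressions and the function names `parse_line` and `summarize` are assumptions made for illustration; note that the "already banned" line puts the IP before the action, so it needs its own message variant.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the three lines shown under Sample Logs.
SAMPLE = """\
2018-03-11 11:52:07,305 fail2ban.actions[8765]: WARNING [nginx-forbidden] Ban 192.162.101.80
2018-03-11 11:52:07,379 fail2ban.actions[8765]: INFO [nginx-forbidden] 192.162.101.80 already banned
2018-03-11 12:52:08,128 fail2ban.actions[8765]: WARNING [nginx-forbidden] Unban 192.162.101.80
"""

# Common prefix: Datetime, Action, [Code]:, LogLevel, [Process]; the rest is the message.
LINE = re.compile(
    r"^(?P<Datetime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<Action>[\w.]+)\s*\[(?P<Code>\d+)\]:\s+(?P<LogLevel>[A-Z]+)\s+"
    r"\[(?P<Process>[^\]]+)\]\s+(?P<msg>.*)$"
)
IP = r"(?P<MachineIp>\d{1,3}(?:\.\d{1,3}){3})"
# Message variants: "<verb> <ip>" and "<ip> already banned" (IP comes first).
MESSAGES = [
    re.compile(rf"^(?P<ActionTaken>Ban|Unban) {IP}$"),
    re.compile(rf"^{IP} (?P<ActionTaken>already banned)$"),
]

def parse_line(line):
    """Return a dict of fields, or None if the line is not a per-IP action."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    msg = rec.pop("msg")
    for pat in MESSAGES:
        mm = pat.match(msg)
        if mm:
            rec.update(mm.groupdict())
            rec["Datetime"] = datetime.strptime(rec["Datetime"], "%Y-%m-%d %H:%M:%S,%f")
            return rec
    return None

def summarize(text):
    """Counts per action type and per banned IP (two of the dashboard tallies)."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    actions = Counter(r["ActionTaken"] for r in recs)
    banned = Counter(r["MachineIp"] for r in recs if r["ActionTaken"] == "Ban")
    return actions, banned.most_common(10)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines that do not match either message variant return `None` and are skipped, so the tallies only count entries that carry an action and an IP.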