Plugin: go.d.plugin Module: fail2ban
This collector tracks two main metrics for each jail: currently banned IPs and active failure incidents. It relies on the fail2ban-client
CLI tool but avoids directly executing the binary. Instead, it utilizes ndsudo
, a Netdata helper specifically designed to run privileged commands securely within the Netdata environment. This approach eliminates the need to use sudo
, improving security and potentially simplifying permission management.
This collector is only supported on the following platforms:
This collector only supports collecting metrics from a single instance of this integration.
This integration doesn’t support auto-detection.
The default configuration for this integration does not impose any limits on data collection.
The default configuration for this integration is not expected to impose a significant performance impact on the system.
Install Fail2ban client.
Ensure fail2ban-client
is available in the container by setting the environment variable NETDATA_EXTRA_DEB_PACKAGES=fail2ban
when starting the container.
Mount host’s /var/run
directory.
Mount the host machine’s /var/run
directory to /host/var/run
inside your Netdata container. This grants Netdata access to the Fail2ban socket file, typically located at /var/run/fail2ban/fail2ban.sock
.
The configuration file name for this integration is go.d/fail2ban.conf
.
You can edit the configuration file using the edit-config
script from the
Netdata config directory.
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config go.d/fail2ban.conf
The following options can be defined globally: update_every.
Name | Description | Default | Required |
---|---|---|---|
update_every | Data collection frequency. | 10 | no |
timeout | fail2ban-client binary execution timeout. | 2 | no |
Allows you to override the default data collection interval.
jobs:
- name: fail2ban
update_every: 5 # Collect Fail2Ban jails statistics every 5 seconds
Metrics grouped by scope.
The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.
These metrics refer to the Jail.
Labels:
Label | Description |
---|---|
jail | Jail’s name |
Metrics:
Metric | Dimensions | Unit |
---|---|---|
fail2ban.jail_banned_ips | banned | addresses |
fail2ban.jail_active_failures | active_failures | failures |
There are no alerts configured by default for this integration.
Important: Debug mode is not supported for data collection jobs created via the UI using the Dyncfg feature.
To troubleshoot issues with the fail2ban
collector, run the go.d.plugin
with the debug option enabled. The output
should give you clues as to why the collector isn’t working.
Navigate to the plugins.d
directory, usually at /usr/libexec/netdata/plugins.d/
. If that’s not the case on
your system, open netdata.conf
and look for the plugins
setting under [directories]
.
cd /usr/libexec/netdata/plugins.d/
Switch to the netdata
user.
sudo -u netdata -s
Run the go.d.plugin
to debug the collector:
./go.d.plugin -d -m fail2ban
If you’re encountering problems with the fail2ban
collector, follow these steps to retrieve logs and identify potential issues:
Use the following command to view logs generated since the last Netdata service restart:
journalctl _SYSTEMD_INVOCATION_ID="$(systemctl show --value --property=InvocationID netdata)" --namespace=netdata --grep fail2ban
Locate the collector log file, typically at /var/log/netdata/collector.log
, and use grep
to filter for collector’s name:
grep fail2ban /var/log/netdata/collector.log
Note: This method shows logs from all restarts. Focus on the latest entries for troubleshooting current issues.
If your Netdata runs in a Docker container named “netdata” (replace if different), use this command:
docker logs netdata 2>&1 | grep fail2ban
Want a personalised demo of Netdata for your use case?