Zabbix fail2ban monitoring with LLD

  • limo
    Senior Member
    • Dec 2004
    • 192

    #1

    Zabbix fail2ban monitoring with LLD

    Hi to all,

    my colleague just made a script and template for fail2ban jails.
    It automatically discovers jails and returns basic information about them.
    Feel free to use/discuss!

    Here is README:
    Code:
    Zabbix fail2ban lld
    2014 dron, [email protected]
    
    copy fail2ban_jail_discovery and fail2ban_jail_banned to /etc/zabbix/scripts.
    Be sure that zabbix-agent can run these scripts.
    
    add this to UserParameter section of zabbix-agentd.conf 
    
    UserParameter=fail2ban.jail.banned[*],/etc/zabbix/scripts/fail2ban_jail_banned $1
    UserParameter=fail2ban.jail.discovery,/etc/zabbix/scripts/fail2ban_jail_discovery
    
    import zbx_fail2ban_lld_template.xml template
    
    TODO:
    
    Fail2ban creates its socket (/var/run/fail2ban/fail2ban.sock) with 700 perms.
    zabbix-agent needs read permission to read jails from fail2ban-client,
    so my workaround is to modify the init.d script (add chown zabbix:root ${socket})
    
    start() {
        echo -n $"Starting fail2ban: "
        ${FAIL2BAN} -x start > /dev/null
        RETVAL=$?
        if [ $RETVAL = 0 ]; then
            chown zabbix:root ${socket}
            touch ${lockfile}
            echo_success
        else
            echo_failure
        fi
        echo
        return $RETVAL
    }
  • asaveljevs
    Zabbix developer
    • Feb 2010
    • 36

    #2
    Similar user parameter solution with one-liners:

    Code:
    UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
    UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\w\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'


    • BDiE8VNy
      Senior Member
      • Apr 2010
      • 680

      #3
      Originally posted by asaveljevs
      Similar user parameter solution with one-liners:

      Code:
      UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
      UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\w\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
      How about adding these to http://zabbix.org/wiki/User_parameter_one-liners


      • romale
        Member
        • Mar 2013
        • 53

        #4
        Originally posted by asaveljevs
        Similar user parameter solution with one-liners:

        Code:
        UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
        UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\w\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
        If I have these jails, "dovecot-auth, sendmail", the result of the "fail2ban.discovery" script is:
        {"data":[{"{#JAIL}":"dovecot"}-{"{#JAIL}":"auth"}, {"{#JAIL}":"sendmail"}]}

        How can I get this instead?
        {"{#JAIL}":"dovecot-auth"},{"{#JAIL}":" sendmail"}

        Thanks


        • romale
          Member
          • Mar 2013
          • 53

          #5
          limo, thank you, works well.

          Plus, I've added:
          1. scripts execution via sudo
          2. fail2ban server checking and a trigger for this
          3. sudo file for zabbix
          4. graph prototype


          1,2. zabbix userparameters:
          ### Fail2ban monitoring
          UserParameter=fail2ban.status,res=$(sudo fail2ban-client ping|awk '{print $3}');if [ "$res" == "pong" ]; then echo 1; else echo 0;fi
          UserParameter=fail2ban.jail.banned[*],sudo /opt/scripts/fail2ban_jail_banned $1
          UserParameter=fail2ban.jail.discovery,sudo /opt/scripts/fail2ban_jail_discovery
          ### end

          3.
          cat /etc/sudoers.d/zabbix
          ## sudoers file.
          zabbix ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client ping, /opt/scripts/fail2ban_jail_discovery, /opt/scripts/fail2ban_jail_banned *

          modified template in attachment


          • limo
            Senior Member
            • Dec 2004
            • 192

            #6
            Please try zaf version.

            Code:
            curl -k https://raw.githubusercontent.com/limosek/zaf/master/install.sh | sh
            zaf install fail2ban
            See https://github.com/limosek/zaf for more info.


            • michaelwemoto
              Junior Member
              • Apr 2016
              • 6

              #7
              Originally posted by asaveljevs
              Similar user parameter solution with one-liners:

              Code:
              UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
              UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\w\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
              I'm seeing the same issue as Romale: my jails have hyphens and it's not splitting correctly.

              Could you tweak this expression to stop it stripping the -'s?

              Other than that, great solution; I much prefer not having remote scripts.


              • asaveljevs
                Zabbix developer
                • Feb 2010
                • 36

                #8
                A quick fix would be to simply add the "-" character to the second sed expression:

                Code:
                ... -e 's/\(\(\w|-\)\+\)/{"{#JAIL}":"\1"}/g' ...


                • michaelwemoto
                  Junior Member
                  • Apr 2016
                  • 6

                  #9
                  Originally posted by asaveljevs
                  A quick fix would be to simply add the "-" character to the second sed expression:

                  Code:
                  ... -e 's/\(\(\w|-\)\+\)/{"{#JAIL}":"\1"}/g' ...
                  Close....

                  fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'

                  produces:
                  {"data":[postfix-rcpt, postfix-smtp, ssh-iptables]}

                  Not to worry, monitoring the number of banned IPs isn't massively important to me.

                  thanks!


                  • asaveljevs
                    Zabbix developer
                    • Feb 2010
                    • 36

                    #10
                    Yes, sorry, there should have been a backslash before the pipe:

                    Code:
                    ... -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' ...

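The sed one-liners above split the jail list on every non-word character, which is why hyphenated jail names break apart (posts #4, #7 and #9), and they emit whatever `fail2ban-client` printed even when it failed, which is how the "Value should be a JSON object" error in post #13 arises when the agent user cannot reach the fail2ban socket. The following POSIX shell script is an added example, not code from this thread, from the attached template or from the zaf project: it splits the `Jail list:` line on the comma separator so names like `postfix-rcpt` survive, validates each name before placing it in the JSON, and falls back to an empty but valid `{"data":[]}` document when no jail list is present. Both functions read `fail2ban-client` output on stdin so the constructed samples can exercise them offline; the function names, the sample text and the use of the `{#JAIL}` macro from post #2 are the example's own choices.

```shell
#!/bin/sh
# Added example: robust fail2ban LLD discovery and banned-count parsing for a
# Zabbix UserParameter. Both functions read fail2ban-client output on stdin,
# so in production they would be fed by, for example:
#   fail2ban-client status | jail_discovery_json
#   fail2ban-client status "$1" | banned_count

# Constructed sample of `fail2ban-client status` output (not captured from a real host).
SAMPLE_STATUS=$(printf 'Status\n|- Number of jail:\t3\n`- Jail list:\tpostfix-rcpt, postfix-smtp, ssh-iptables\n')

# Constructed sample of `fail2ban-client status <jail>` output.
SAMPLE_JAIL=$(printf 'Status for the jail: ssh-iptables\n|- Filter\n|  |- Currently failed:\t2\n|  `- Total failed:\t57\n`- Actions\n   |- Currently banned:\t3\n   `- Total banned:\t41\n')

# Emit Zabbix LLD JSON for every jail on the "Jail list:" line.
# Jails are split on the comma separator, not on every non-word character,
# so names such as "postfix-rcpt" stay intact.
# With no "Jail list:" line on stdin (fail2ban-client failed, e.g. because the
# agent user cannot open the fail2ban socket) the result is {"data":[]}, which
# the Zabbix server still accepts as a JSON object.
jail_discovery_json() {
    jails=$(grep 'Jail list:' | sed -e 's/^.*Jail list:[[:space:]]*//' -e 's/,[[:space:]]*/ /g')
    printf '{"data":['
    first=1
    for jail in $jails; do
        # Skip anything that is not a plausible jail name instead of
        # emitting unexpected characters into the JSON value.
        case $jail in
            *[!A-Za-z0-9._-]*) continue ;;
        esac
        if [ "$first" -eq 1 ]; then first=0; else printf ','; fi
        printf '{"{#JAIL}":"%s"}' "$jail"
    done
    printf ']}\n'
}

# Print the "Currently banned" counter of one jail, or 0 when the line is
# missing, so the Zabbix item always receives a numeric value.
banned_count() {
    n=$(grep 'Currently banned:' | grep -E -o '[0-9]+' | head -n 1)
    printf '%s\n' "${n:-0}"
}

# Run on the constructed samples:
printf '%s\n' "$SAMPLE_STATUS" | jail_discovery_json
printf '%s\n' "$SAMPLE_JAIL" | banned_count
```

To use it as in the thread, save the functions to a script under a path the agent may execute and point the two UserParameter lines at it; the sudoers approach from post #5 is the way to give the zabbix user access to `fail2ban-client` without relaxing the socket permissions.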

                    • michaelwemoto
                      Junior Member
                      • Apr 2016
                      • 6

                      #11
                      Originally posted by asaveljevs
                      Yes, sorry, there should have been a backslash before the pipe:

                      Code:
                      ... -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' ...
                      Thank you kindly sir


                      • Yannick038
                        Junior Member
                        • Apr 2017
                        • 12

                        #12
                        Originally posted by limo
                        Please try zaf version.

                        See https://github.com/limosek/zaf for more info.

                        Tried to set up ZAB 1.3 with Zabbix 3.2, but this doesn't seem to be working.

                        I have installed zaf,
                        added the zaf fail2ban plugin and imported the zaf plugin template into my host,

                        but if I do a quick test

                        zaf test fail2ban.jail_discovery I only get:
                        fail2ban.jail_discovery [t|{ "data":[ { "{#F2BJAIL}":"sshddos," } ] }]

                        Of course I have multiple F2B jails running, so it is only reporting one of them (not the first one).

                        Any help appreciated!


                        • Colttt
                          Senior Member
                          Zabbix Certified Specialist
                          • Mar 2009
                          • 878

                          #13
                          Hello,

                          when I am running
                          Code:
                          /usr/bin/fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
                          I get
                          Code:
                          {"data":[{"{#JAIL}":"ssh"}]}
                          but Zabbix says
                          Value should be a JSON object.
                          It looks fine to me... Any idea?
                          Debian-User

                          Sorry for my bad english


                          • Yannick038
                            Junior Member
                            • Apr 2017
                            • 12

                            #14
                            Please check that you're using the same user as Zabbix.

                            I.e. if you're using root to run your command it will work, whereas it will not work when run under the zabbix user (try to sudo to the zabbix user first, after having enabled SSH login for the zabbix user).

                            I personally switched to LLD using sudo fail2ban-client commands (having enabled the zabbix user in the sudoers list).
