prometheus-fail2ban-exporter/README.md

# Fail2Ban Prometheus Exporter

Go tool to collect and export metrics on Fail2Ban

## Table of Contents
1. How to use
2. Docker
    1. Volumes
    2. Docker run
    3. Docker compose
3. CLI usage
4. Metrics

## 1. How to use

Run the exporter by providing it with a fail2ban database to read data from.
Read access to the database is required.
Once the exporter is running, metrics are available at `localhost:9191/metrics`.

The default port is `9191`, but this can be modified with the `-port` flag.

**Note:** By default fail2ban stores the database file at: `/var/lib/fail2ban/fail2ban.sqlite3`

**Fail2Ban Jails**

fail2ban can be configured to process different log files and use different rules for each one.
These separate configurations are referred to as *jails*.

For example, fail2ban can be configured to watch the system logs for failed SSH connections and Nextcloud logs for failed logins.
In this configuration, there will be two jails - one for IPs banned from the SSH logs, and one for IPs banned from the Nextcloud logs.

This tool exports several metrics *per jail*, meaning that it is possible to track how many IPs are being banned in each jail as well as the overall total.
This can be useful to track what services are seeing more failed logins.

## 2. Docker

An official docker image is available on the Gitlab container registry.
Use it by pulling the following image:

```
registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
```

Use the `:latest` tag to get the most up to date code (less stable) or use one of the version tagged images to use a specific release.
See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.

### 2.1. Volumes

The docker image is designed to run by mounting the fail2ban sqlite3 database.
The database should be mounted at: `/app/fail2ban.sqlite3`

The database can be mounted with read-only permissions.

### 2.2. Docker run

Use the following command to run the forwarder as a docker container.

```
docker run -d \
    --name "fail2ban-exporter" \
    -v /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro \
    -p "9191:9191"
    registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
```

### 2.3. Docker compose

The following is a simple docker-compose file to run the exporter.

```
version: "2"
services:
  exporter:
    image: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
    volumes:
    - /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro
    ports:
    - "9191:9191"
```

## 3. CLI usage

```
$ fail2ban-prometheus-exporter -h

  -db string
        path to the fail2ban sqlite database
  -port int
        port to use for the metrics server (default 9191)
  -version
        show version info and exit
```

## 4. Metrics

Access exported metrics at `/metrics` (on the provided port).

**Note:** All metric names include the `fail2ban_` prefix to make sure they are unique and easier to find.

Exposed metrics:
* `up` - Returns 1 if the service is up
* `errors` - Returns the number of errors found since startup
* `enabled_jails` - Returns 1 for each jail that is enabled, 0 if disabled.
* `bad_ips` (per jail)
    * A *bad IP* is defined as an IP that has been banned at least once in the past
    * Bad IPs are counted per jail
* `banned_ips` (per jail)
    * A *banned IP* is defined as an IP that is currently banned on the firewall
    * Banned IPs are counted per jail

**Sample**

```
# HELP fail2ban_bad_ips Number of bad IPs stored in the database (per jail).
# TYPE fail2ban_bad_ips gauge
fail2ban_bad_ips{jail="jail1"} 6
fail2ban_bad_ips{jail="jail2"} 8
# HELP fail2ban_banned_ips Number of banned IPs stored in the database (per jail).
# TYPE fail2ban_banned_ips gauge
fail2ban_banned_ips{jail="jail1"} 3
fail2ban_banned_ips{jail="jail2"} 2
# HELP fail2ban_up Was the last fail2ban query successful.
# TYPE fail2ban_up gauge
fail2ban_up 1
# HELP fail2ban_enabled_jails Enabled jails.
# TYPE fail2ban_enabled_jails gauge
fail2ban_enabled_jails{jail="jail1"} 1
fail2ban_enabled_jails{jail="jail2"} 1
# HELP fail2ban_errors Number of errors found since startup.
# TYPE fail2ban_errors counter
fail2ban_errors{type="db"} 0
```
initial commit 2021-02-05 22:49:47 +00:00			`# Fail2Ban Prometheus Exporter`

			`Go tool to collect and export metrics on Fail2Ban`
docs: populate readme file with project information Update the project README file to include information on what the project does and how to run it. 2021-02-09 21:45:19 +00:00
			`## Table of Contents`
			`1. How to use`
			`2. Docker`
docs: fix item in readme table of contents 2021-02-11 09:04:38 +00:00			`1. Volumes`
docs: populate readme file with project information Update the project README file to include information on what the project does and how to run it. 2021-02-09 21:45:19 +00:00			`2. Docker run`
			`3. Docker compose`
			`3. CLI usage`
			`4. Metrics`

			`## 1. How to use`

			`Run the exporter by providing it with a fail2ban database to read data from.`
			`Read access to the database is required.`
			Once the exporter is running, metrics are available at `localhost:9191/metrics`.

			The default port is `9191`, but this can be modified with the `-port` flag.

			Note: By default fail2ban stores the database file at: `/var/lib/fail2ban/fail2ban.sqlite3`

			`Fail2Ban Jails`

			`fail2ban can be configured to process different log files and use different rules for each one.`
			`These separate configurations are referred to as jails.`

			`For example, fail2ban can be configured to watch the system logs for failed SSH connections and Nextcloud logs for failed logins.`
			`In this configuration, there will be two jails - one for IPs banned from the SSH logs, and one for IPs banned from the Nextcloud logs.`

			`This tool exports several metrics per jail, meaning that it is possible to track how many IPs are being banned in each jail as well as the overall total.`
			`This can be useful to track what services are seeing more failed logins.`

			`## 2. Docker`

			`An official docker image is available on the Gitlab container registry.`
			`Use it by pulling the following image:`

			```
			`registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest`
			```

			Use the `:latest` tag to get the most up to date code (less stable) or use one of the version tagged images to use a specific release.
			`See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.`

			`### 2.1. Volumes`

			`The docker image is designed to run by mounting the fail2ban sqlite3 database.`
			The database should be mounted at: `/app/fail2ban.sqlite3`

			`The database can be mounted with read-only permissions.`

			`### 2.2. Docker run`

			`Use the following command to run the forwarder as a docker container.`

			```
			`docker run -d \`
			`--name "fail2ban-exporter" \`
			`-v /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro \`
			`-p "9191:9191"`
			`registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest`
			```

			`### 2.3. Docker compose`

			`The following is a simple docker-compose file to run the exporter.`

			```
			`version: "2"`
			`services:`
			`exporter:`
docs: fix typo in readme docker-compose 2021-02-10 18:56:25 +00:00			`image: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest`
docs: populate readme file with project information Update the project README file to include information on what the project does and how to run it. 2021-02-09 21:45:19 +00:00			`volumes:`
			`- /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro`
			`ports:`
			`- "9191:9191"`
			```

			`## 3. CLI usage`

			```
			`$ fail2ban-prometheus-exporter -h`

			`-db string`
			`path to the fail2ban sqlite database`
			`-port int`
			`port to use for the metrics server (default 9191)`
			`-version`
			`show version info and exit`
			```

			`## 4. Metrics`

			Access exported metrics at `/metrics` (on the provided port).

			Note: All metric names include the `fail2ban_` prefix to make sure they are unique and easier to find.

			`Exposed metrics:`
			* `up` - Returns 1 if the service is up
feat: new metric to track error counts Add a new metric to count the number of database errors that have been found since startup. This complements the `up` metric to have better visibility into occasional database errors. 2021-04-07 20:46:41 +00:00			* `errors` - Returns the number of errors found since startup
feat: new metric for enabled jails (#1) Add a new prometheus metric to track which jails are currently enabled. Add a new database query to read the jail name and enabled status from the database. Add new metric to readme file. 2021-04-07 17:55:34 +00:00			* `enabled_jails` - Returns 1 for each jail that is enabled, 0 if disabled.
docs: populate readme file with project information Update the project README file to include information on what the project does and how to run it. 2021-02-09 21:45:19 +00:00			* `bad_ips` (per jail)
			`* A bad IP is defined as an IP that has been banned at least once in the past`
			`* Bad IPs are counted per jail`
			* `banned_ips` (per jail)
			`* A banned IP is defined as an IP that is currently banned on the firewall`
			`* Banned IPs are counted per jail`

			`Sample`

			```
			`# HELP fail2ban_bad_ips Number of bad IPs stored in the database (per jail).`
			`# TYPE fail2ban_bad_ips gauge`
			`fail2ban_bad_ips{jail="jail1"} 6`
			`fail2ban_bad_ips{jail="jail2"} 8`
			`# HELP fail2ban_banned_ips Number of banned IPs stored in the database (per jail).`
			`# TYPE fail2ban_banned_ips gauge`
			`fail2ban_banned_ips{jail="jail1"} 3`
			`fail2ban_banned_ips{jail="jail2"} 2`
			`# HELP fail2ban_up Was the last fail2ban query successful.`
			`# TYPE fail2ban_up gauge`
			`fail2ban_up 1`
feat: new metric for enabled jails (#1) Add a new prometheus metric to track which jails are currently enabled. Add a new database query to read the jail name and enabled status from the database. Add new metric to readme file. 2021-04-07 17:55:34 +00:00			`# HELP fail2ban_enabled_jails Enabled jails.`
			`# TYPE fail2ban_enabled_jails gauge`
			`fail2ban_enabled_jails{jail="jail1"} 1`
			`fail2ban_enabled_jails{jail="jail2"} 1`
feat: new metric to track error counts Add a new metric to count the number of database errors that have been found since startup. This complements the `up` metric to have better visibility into occasional database errors. 2021-04-07 20:46:41 +00:00			`# HELP fail2ban_errors Number of errors found since startup.`
			`# TYPE fail2ban_errors counter`
			`fail2ban_errors{type="db"} 0`
docs: populate readme file with project information Update the project README file to include information on what the project does and how to run it. 2021-02-09 21:45:19 +00:00			```