2021-02-05 22:49:47 +00:00
|
|
|
package main
|
|
|
|
|
2021-02-05 23:01:00 +00:00
|
|
|
import (
|
2021-02-06 15:17:35 +00:00
|
|
|
"fail2ban-prometheus-exporter/cfg"
|
2021-02-06 11:45:46 +00:00
|
|
|
fail2banDb "fail2ban-prometheus-exporter/db"
|
2021-08-29 11:50:53 +00:00
|
|
|
"fail2ban-prometheus-exporter/socket"
|
2021-02-06 15:17:35 +00:00
|
|
|
"fmt"
|
2021-08-29 11:50:53 +00:00
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
|
2021-02-06 11:45:46 +00:00
|
|
|
_ "github.com/mattn/go-sqlite3"
|
2021-02-05 23:01:00 +00:00
|
|
|
"github.com/prometheus/client_golang/prometheus"
|
|
|
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
|
|
|
)
|
|
|
|
|
2021-08-29 11:50:53 +00:00
|
|
|
const (
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedNamespace = "fail2ban"
|
|
|
|
namespace = "f2b"
|
2021-08-29 11:50:53 +00:00
|
|
|
)
|
2021-02-05 23:01:00 +00:00
|
|
|
|
2021-02-06 11:45:46 +00:00
|
|
|
var (
|
2021-02-06 15:17:35 +00:00
|
|
|
version = "dev"
|
|
|
|
commit = "none"
|
|
|
|
date = "unknown"
|
|
|
|
builtBy = "unknown"
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricUp = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(deprecatedNamespace, "", "up"),
|
|
|
|
"(Deprecated) Was the last fail2ban query successful.",
|
2021-02-06 11:45:46 +00:00
|
|
|
nil, nil,
|
|
|
|
)
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricBannedIpsPerJail = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(deprecatedNamespace, "", "banned_ips"),
|
|
|
|
"(Deprecated) Number of banned IPs stored in the database (per jail).",
|
2021-02-06 12:24:31 +00:00
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricBadIpsPerJail = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(deprecatedNamespace, "", "bad_ips"),
|
|
|
|
"(Deprecated) Number of bad IPs stored in the database (per jail).",
|
2021-02-06 12:12:01 +00:00
|
|
|
[]string{"jail"}, nil,
|
2021-02-06 11:45:46 +00:00
|
|
|
)
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricEnabledJails = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(deprecatedNamespace, "", "enabled_jails"),
|
|
|
|
"(Deprecated) Enabled jails.",
|
2021-04-07 17:55:34 +00:00
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricErrorCount = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(deprecatedNamespace, "", "errors"),
|
|
|
|
"(Deprecated) Number of errors found since startup.",
|
2021-04-07 20:46:41 +00:00
|
|
|
[]string{"type"}, nil,
|
|
|
|
)
|
2021-08-29 16:54:20 +00:00
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
metricErrorCount = prometheus.NewDesc(
|
|
|
|
prometheus.BuildFQName(namespace, "", "errors"),
|
2021-08-30 07:19:11 +00:00
|
|
|
"Number of errors found since startup",
|
|
|
|
[]string{"type"}, nil,
|
|
|
|
)
|
|
|
|
metricServerUp = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "up"),
|
2021-08-29 11:50:53 +00:00
|
|
|
"Check if the fail2ban server is up",
|
|
|
|
nil, nil,
|
|
|
|
)
|
2021-08-29 16:54:20 +00:00
|
|
|
metricJailCount = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "jail_count"),
|
2021-08-29 16:54:20 +00:00
|
|
|
"Number of defined jails",
|
|
|
|
nil, nil,
|
|
|
|
)
|
|
|
|
metricJailFailedCurrent = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "jail_failed_current"),
|
2021-08-29 16:54:20 +00:00
|
|
|
"Number of current failures on this jail's filter",
|
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
|
|
|
metricJailFailedTotal = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "jail_failed_total"),
|
2021-08-29 16:54:20 +00:00
|
|
|
"Number of total failures on this jail's filter",
|
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
|
|
|
metricJailBannedCurrent = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "jail_banned_current"),
|
2021-08-29 16:54:20 +00:00
|
|
|
"Number of IPs currently banned in this jail",
|
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
|
|
|
metricJailBannedTotal = prometheus.NewDesc(
|
2021-08-30 16:38:33 +00:00
|
|
|
prometheus.BuildFQName(namespace, "", "jail_banned_total"),
|
2021-08-29 16:54:20 +00:00
|
|
|
"Total number of IPs banned by this jail (includes expired bans)",
|
|
|
|
[]string{"jail"}, nil,
|
|
|
|
)
|
2021-02-05 23:01:00 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type Exporter struct {
|
2021-08-30 07:19:11 +00:00
|
|
|
db *fail2banDb.Fail2BanDB
|
|
|
|
socketPath string
|
|
|
|
lastError error
|
|
|
|
dbErrorCount int
|
|
|
|
socketConnectionErrorCount int
|
|
|
|
socketRequestErrorCount int
|
2021-02-05 23:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Exporter) Describe(ch chan<- *prometheus.Desc) {
|
2021-08-29 11:50:53 +00:00
|
|
|
if e.db != nil {
|
2021-08-30 16:38:33 +00:00
|
|
|
ch <- deprecatedMetricUp
|
|
|
|
ch <- deprecatedMetricBadIpsPerJail
|
|
|
|
ch <- deprecatedMetricBannedIpsPerJail
|
|
|
|
ch <- deprecatedMetricEnabledJails
|
|
|
|
ch <- deprecatedMetricErrorCount
|
2021-08-29 11:50:53 +00:00
|
|
|
}
|
2021-08-30 06:36:15 +00:00
|
|
|
if e.socketPath != "" {
|
2021-08-30 07:19:11 +00:00
|
|
|
ch <- metricServerUp
|
2021-08-29 16:54:20 +00:00
|
|
|
ch <- metricJailCount
|
|
|
|
ch <- metricJailFailedCurrent
|
|
|
|
ch <- metricJailFailedTotal
|
|
|
|
ch <- metricJailBannedCurrent
|
|
|
|
ch <- metricJailBannedTotal
|
2021-08-29 11:50:53 +00:00
|
|
|
}
|
2021-08-30 16:38:33 +00:00
|
|
|
ch <- metricErrorCount
|
2021-02-05 23:01:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Exporter) Collect(ch chan<- prometheus.Metric) {
|
2021-08-29 11:50:53 +00:00
|
|
|
if e.db != nil {
|
2021-08-30 16:38:33 +00:00
|
|
|
e.collectDeprecatedBadIpsPerJailMetrics(ch)
|
|
|
|
e.collectDeprecatedBannedIpsPerJailMetrics(ch)
|
|
|
|
e.collectDeprecatedEnabledJailMetrics(ch)
|
|
|
|
e.collectDeprecatedUpMetric(ch)
|
|
|
|
e.collectDeprecatedErrorCountMetric(ch)
|
2021-08-29 11:50:53 +00:00
|
|
|
}
|
2021-08-30 06:36:15 +00:00
|
|
|
if e.socketPath != "" {
|
|
|
|
s, err := socket.ConnectToSocket(e.socketPath)
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("error opening socket: %v", err)
|
2021-08-30 07:19:11 +00:00
|
|
|
e.socketConnectionErrorCount++
|
2021-08-30 06:36:15 +00:00
|
|
|
} else {
|
|
|
|
defer s.Close()
|
2021-08-30 07:19:11 +00:00
|
|
|
}
|
|
|
|
e.collectServerUpMetric(ch, s)
|
|
|
|
if err == nil && s != nil {
|
2021-08-30 06:36:15 +00:00
|
|
|
e.collectJailMetrics(ch, s)
|
|
|
|
}
|
2021-08-29 11:50:53 +00:00
|
|
|
}
|
2021-08-30 16:38:33 +00:00
|
|
|
e.collectErrorCountMetric(ch)
|
2021-04-07 20:32:49 +00:00
|
|
|
}
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectDeprecatedUpMetric(ch chan<- prometheus.Metric) {
|
2021-04-07 20:32:49 +00:00
|
|
|
var upMetricValue float64 = 1
|
|
|
|
if e.lastError != nil {
|
|
|
|
upMetricValue = 0
|
|
|
|
}
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricUp, prometheus.GaugeValue, upMetricValue,
|
2021-04-07 20:32:49 +00:00
|
|
|
)
|
2021-02-06 11:45:46 +00:00
|
|
|
}
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectDeprecatedErrorCountMetric(ch chan<- prometheus.Metric) {
|
2021-04-07 20:46:41 +00:00
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricErrorCount, prometheus.CounterValue, float64(e.dbErrorCount), "db",
|
2021-04-07 20:46:41 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectDeprecatedBadIpsPerJailMetrics(ch chan<- prometheus.Metric) {
|
2021-02-06 15:17:35 +00:00
|
|
|
jailNameToCountMap, err := e.db.CountBadIpsPerJail()
|
2021-04-07 20:32:49 +00:00
|
|
|
e.lastError = err
|
|
|
|
|
2021-02-06 12:12:01 +00:00
|
|
|
if err != nil {
|
2021-04-07 20:46:41 +00:00
|
|
|
e.dbErrorCount++
|
2021-02-06 12:12:01 +00:00
|
|
|
log.Print(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for jailName, count := range jailNameToCountMap {
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricBadIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
|
2021-02-06 12:12:01 +00:00
|
|
|
)
|
|
|
|
}
|
2021-02-05 23:01:00 +00:00
|
|
|
}
|
2021-02-05 22:49:47 +00:00
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectDeprecatedBannedIpsPerJailMetrics(ch chan<- prometheus.Metric) {
|
2021-02-06 15:17:35 +00:00
|
|
|
jailNameToCountMap, err := e.db.CountBannedIpsPerJail()
|
2021-04-07 20:32:49 +00:00
|
|
|
e.lastError = err
|
|
|
|
|
2021-02-06 12:24:31 +00:00
|
|
|
if err != nil {
|
2021-04-07 20:46:41 +00:00
|
|
|
e.dbErrorCount++
|
2021-02-06 12:24:31 +00:00
|
|
|
log.Print(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for jailName, count := range jailNameToCountMap {
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricBannedIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
|
2021-02-06 12:24:31 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectDeprecatedEnabledJailMetrics(ch chan<- prometheus.Metric) {
|
2021-04-07 17:55:34 +00:00
|
|
|
jailNameToEnabledMap, err := e.db.JailNameToEnabledValue()
|
2021-04-07 20:32:49 +00:00
|
|
|
e.lastError = err
|
|
|
|
|
2021-04-07 17:55:34 +00:00
|
|
|
if err != nil {
|
2021-04-07 20:46:41 +00:00
|
|
|
e.dbErrorCount++
|
2021-04-07 17:55:34 +00:00
|
|
|
log.Print(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for jailName, count := range jailNameToEnabledMap {
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
deprecatedMetricEnabledJails, prometheus.GaugeValue, float64(count), jailName,
|
2021-04-07 17:55:34 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-30 16:38:33 +00:00
|
|
|
func (e *Exporter) collectErrorCountMetric(ch chan<- prometheus.Metric) {
|
2021-08-30 07:19:11 +00:00
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
metricErrorCount, prometheus.CounterValue, float64(e.dbErrorCount), "db",
|
2021-08-30 07:19:11 +00:00
|
|
|
)
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
metricErrorCount, prometheus.CounterValue, float64(e.socketConnectionErrorCount), "socket_conn",
|
2021-08-30 07:19:11 +00:00
|
|
|
)
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 16:38:33 +00:00
|
|
|
metricErrorCount, prometheus.CounterValue, float64(e.socketRequestErrorCount), "socket_req",
|
2021-08-30 07:19:11 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Exporter) collectServerUpMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
|
|
|
|
var serverUp float64 = 0
|
|
|
|
if s != nil {
|
|
|
|
pingSuccess, err := s.Ping()
|
|
|
|
if err != nil {
|
|
|
|
e.socketRequestErrorCount++
|
|
|
|
log.Print(err)
|
|
|
|
}
|
|
|
|
if err == nil && pingSuccess {
|
|
|
|
serverUp = 1
|
|
|
|
}
|
2021-08-29 11:50:53 +00:00
|
|
|
}
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
2021-08-30 07:19:11 +00:00
|
|
|
metricServerUp, prometheus.GaugeValue, serverUp,
|
2021-08-29 11:50:53 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-08-30 06:36:15 +00:00
|
|
|
func (e *Exporter) collectJailMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
|
|
|
|
jails, err := s.GetJails()
|
2021-08-29 16:54:20 +00:00
|
|
|
var count float64 = 0
|
2021-08-30 07:19:11 +00:00
|
|
|
if err != nil {
|
|
|
|
e.socketRequestErrorCount++
|
|
|
|
log.Print(err)
|
|
|
|
}
|
2021-08-29 16:54:20 +00:00
|
|
|
if err == nil {
|
|
|
|
count = float64(len(jails))
|
|
|
|
}
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
|
|
|
metricJailCount, prometheus.GaugeValue, count,
|
|
|
|
)
|
|
|
|
|
|
|
|
for i := range jails {
|
2021-08-30 06:36:15 +00:00
|
|
|
e.collectJailStatsMetric(ch, s, jails[i])
|
2021-08-29 16:54:20 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-30 06:36:15 +00:00
|
|
|
func (e *Exporter) collectJailStatsMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
|
|
|
|
stats, err := s.GetJailStats(jail)
|
2021-08-29 16:54:20 +00:00
|
|
|
if err != nil {
|
2021-08-30 07:19:11 +00:00
|
|
|
e.socketRequestErrorCount++
|
2021-08-29 16:54:20 +00:00
|
|
|
log.Printf("failed to get stats for jail %s: %v", jail, err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
|
|
|
metricJailFailedCurrent, prometheus.GaugeValue, float64(stats.FailedCurrent), jail,
|
|
|
|
)
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
|
|
|
metricJailFailedTotal, prometheus.GaugeValue, float64(stats.FailedTotal), jail,
|
|
|
|
)
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
|
|
|
metricJailBannedCurrent, prometheus.GaugeValue, float64(stats.BannedCurrent), jail,
|
|
|
|
)
|
|
|
|
ch <- prometheus.MustNewConstMetric(
|
|
|
|
metricJailBannedTotal, prometheus.GaugeValue, float64(stats.BannedTotal), jail,
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-02-06 15:17:35 +00:00
|
|
|
func printAppVersion() {
|
|
|
|
fmt.Println(version)
|
|
|
|
fmt.Printf(" build date: %s\r\n commit hash: %s\r\n built by: %s\r\n", date, commit, builtBy)
|
|
|
|
}
|
|
|
|
|
2021-02-05 22:49:47 +00:00
|
|
|
func main() {
|
2021-02-06 15:17:35 +00:00
|
|
|
appSettings := cfg.Parse()
|
|
|
|
if appSettings.VersionMode {
|
|
|
|
printAppVersion()
|
|
|
|
} else {
|
|
|
|
log.Print("starting fail2ban exporter")
|
2021-02-05 23:01:00 +00:00
|
|
|
|
2021-08-29 11:50:53 +00:00
|
|
|
exporter := &Exporter{}
|
|
|
|
if appSettings.Fail2BanDbPath != "" {
|
2021-08-30 16:38:33 +00:00
|
|
|
log.Print("database-based metrics have been deprecated and will be removed in a future release")
|
2021-08-29 11:50:53 +00:00
|
|
|
exporter.db = fail2banDb.MustConnectToDb(appSettings.Fail2BanDbPath)
|
|
|
|
}
|
|
|
|
if appSettings.Fail2BanSocketPath != "" {
|
2021-08-30 06:36:15 +00:00
|
|
|
exporter.socketPath = appSettings.Fail2BanSocketPath
|
2021-02-06 15:17:35 +00:00
|
|
|
}
|
|
|
|
prometheus.MustRegister(exporter)
|
2021-02-05 23:01:00 +00:00
|
|
|
|
2021-02-06 15:17:35 +00:00
|
|
|
http.Handle("/metrics", promhttp.Handler())
|
|
|
|
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", appSettings.MetricsPort), nil))
|
|
|
|
}
|
2021-02-05 22:49:47 +00:00
|
|
|
}
|