authorjerome <jerome@xlinfo.fr>2023-09-30 22:41:07 +0200
committerjerome <jerome@xlinfo.fr>2023-09-30 22:41:07 +0200
commit788e4af10b9da09ec0ae981f0f8a3e163a76bdc3 (patch)
tree8bc86b2ef2090de85316670f19b1a486c27c041b /fail2ban.yml
Diffstat (limited to 'fail2ban.yml')
-rw-r--r--fail2ban.yml31
1 files changed, 31 insertions, 0 deletions
diff --git a/fail2ban.yml b/fail2ban.yml
new file mode 100644
index 0000000..bdec775
--- /dev/null
+++ b/fail2ban.yml
@@ -0,0 +1,31 @@
+- type: filestream
+ id: fail2ban
+ enabled: true
+ paths:
+ - /var/log/fail2ban.log
+ include_lines: ['Ban','Unban','Found']
+ processors:
+ - add_tags:
+ tags: ['fail2ban']
+ target: "service.type"
+ - add_tags:
+ tags: ['fail2ban']
+ target: "event.module"
+ - add_tags:
+ tags: ['intrusion_detection']
+ target: "event.category"
+ - dissect:
+ when:
+ contains:
+ message: "INFO"
+ tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip} - %{} %{}"
+ field: "message"
+ target_prefix: "fail2ban"
+ - dissect:
+ when:
+ contains:
+ message: "NOTICE"
+ tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip}"
+ field: "message"
+ target_prefix: "fail2ban"
+
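Review bot: Both `dissect` processors keep the default `ignore_failure: false`, so a selected line that does not fit the tokenizer — for example fail2ban's `Restore Ban <ip>` NOTICE line written when bans are reloaded from its database, where `%{action}` would take `Restore` and `%{ip|ip}` would be handed `Ban <ip>` and fail the ip conversion — makes the processor error out instead of leaving the event untouched, and whether such an event is still published then depends on the Beats version. Adding `ignore_failure: true` under each `dissect:` keeps the raw `message` intact on a parse miss rather than risking a silently lost ban event, and the `when.contains.message: "INFO"` / `"NOTICE"` guards deserve a comment noting they are substring matches on the whole line, not a check of the level column. Separately, `add_tags` always writes an array, so `service.type` and `event.module` end up as `["fail2ban"]` rather than the single keyword ECS defines for them; `add_fields` with `target: ""` and `fields: {service.type: fail2ban, event.module: fail2ban}` would keep only `event.category` (an array field) on `add_tags`. The indentation appears collapsed in this rendering, so the nesting of `when:`/`tokenizer:`/`field:` under each `dissect:` could not be confirmed from the hunk.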