From 788e4af10b9da09ec0ae981f0f8a3e163a76bdc3 Mon Sep 17 00:00:00 2001
From: jerome
Date: Sat, 30 Sep 2023 22:41:07 +0200
Subject: commit original
---
 fail2ban.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 fail2ban.yml
(limited to 'fail2ban.yml')
diff --git a/fail2ban.yml b/fail2ban.yml
new file mode 100644
index 0000000..bdec775
--- /dev/null
+++ b/fail2ban.yml
@@ -0,0 +1,31 @@
+- type: filestream
+ id: fail2ban
+ enabled: true
+ paths:
+ - /var/log/fail2ban.log
+ include_lines: ['Ban','Unban','Found']
+ processors:
+ - add_tags:
+ tags: ['fail2ban']
+ target: "service.type"
+ - add_tags:
+ tags: ['fail2ban']
+ target: "event.module"
+ - add_tags:
+ tags: ['intrusion_detection']
+ target: "event.category"
+ - dissect:
+ when:
+ contains:
+ message: "INFO"
+ tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip} - %{} %{}"
+ field: "message"
+ target_prefix: "fail2ban"
+ - dissect:
+ when:
+ contains:
+ message: "NOTICE"
+ tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip}"
+ field: "message"
+ target_prefix: "fail2ban"
+
-- 
cgit v1.2.3
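Review bot: The first two `add_tags` processors write `service.type` and `event.module` as tag arrays, but both are single-valued keyword fields in ECS; `add_fields` is the processor meant for scalar fields, while the third `add_tags` on `event.category` (an ECS array field) can stay as it is. The two `dissect` processors capture the log time into `fail2ban.timestamp` but nothing promotes it to `@timestamp` (there is no `timestamp` processor), so events presumably carry harvest time rather than log time, which matters when rotated fail2ban logs are backfilled during an investigation. A comment above the tokenizers stating the log line layout they assume, e.g. `# assumes the default fail2ban log format: '<date> <time> fail2ban.<component> [<pid>]: <LEVEL> [<jail>] <Action> <ip>'`, would make these brittle patterns easier to maintain when fail2ban's format or level names change. The file is new, so all of this applies to its single hunk.
```yaml
  processors:
    - add_fields:
        target: ""
        fields:
          service.type: fail2ban
          event.module: fail2ban
    # … unchanged: add_tags for event.category, both dissect processors …
```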