# Filebeat filestream input for the fail2ban daemon log.
# Only Ban / Unban / Found lines are shipped; each is tagged and then split
# into fail2ban.* fields by a dissect processor chosen on the log level.
- type: filestream
  id: fail2ban
  enabled: true
  paths:
    - /var/log/fail2ban.log

  # Regular expressions matched against the raw line; lines matching none of
  # them never leave the host. "Ban" is a substring of "Unban", so the second
  # pattern is redundant but harmless.
  include_lines:
    - Ban
    - Unban
    - Found

  processors:
    # add_tags stores its tags as a list, so these ECS fields are written as
    # single-element arrays rather than plain keywords.
    - add_tags:
        target: service.type
        tags:
          - fail2ban
    - add_tags:
        target: event.module
        tags:
          - fail2ban
    - add_tags:
        target: event.category
        tags:
          - intrusion_detection

    # INFO lines (e.g. the "Found" matches) carry two trailing fields after
    # " - "; those are captured into unnamed %{} tokens and presumably discarded.
    # %{ip|ip} converts the extracted value to the ip type, so a line whose
    # token is not a valid address fails this processor rather than storing
    # free text in fail2ban.ip.
    - dissect:
        when:
          contains:
            message: INFO
        field: message
        target_prefix: fail2ban
        tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip} - %{} %{}"

    # NOTICE lines (Ban / Unban) end right after the address.
    # NOTE(review): a NOTICE line with a two-word action would shift the ip
    # token onto the wrong word — confirm against the fail2ban version in use.
    - dissect:
        when:
          contains:
            message: NOTICE
        field: message
        target_prefix: fail2ban
        tokenizer: "%{+timestamp} %{+timestamp} %{component->} [%{pid}]: %{log_level->} [%{jail}] %{action} %{ip|ip}"