I first thought about this a long time ago: http://blogs.buanzo.com.ar/2011/06/proactive-protection-enhancements-for-fail2ban-part-1.html
The idea was to config a jail with a special set of actions, monitoring fail2ban.log itself from within fail2ban. If this idea is better, then good. Can you give me more details on your REST solution? On Thu, Jul 30, 2015 at 11:52 AM, Sean DuBois <s...@siobud.com> wrote: > On Thu, Jul 30, 2015 at 12:38:10PM +0100, Darac Marjal wrote: > > On Wed, Jul 29, 2015 at 08:38:24PM -0300, Arturo 'Buanzo' Busleiman > wrote: > > > Hi team, > > > > > > I just finished implementing a simple tool that monitors > fail2ban.log for > > > ban/unbans, > > > and uses zeromq to distribute that information to zeromq > subscribers. > > > > A question for you: Why does the tool monitor the fail2ban log? Why not > > design it as an action which could be added to the existing actions for > > a jail? > > > > > > > > i know there are other ideas out there for this need, but zeromq > looked > > > appropiate enough, and is well supported on Debian/Ubuntu for > python3 > > > I have to polish the code, add docs, and also try configuring it as > a > > > fail2ban action instead of an ad-hoc app that monitors the log, but > it is > > > working. > > > > > > If anyone wants to help me polish and test it, that'd be awesome. > > > > > > cheers > > > > > > ------------------------------------------------------------------------------ > > > > > _______________________________________________ > > > Fail2ban-users mailing list > > > Fail2ban-users@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > > -- > > For more information, please reread. > > > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > > Fail2ban-users mailing list > > Fail2ban-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > If it is a banaction you still have the problem of handing it out to the > other servers though. A small script could solve that problem, but best > to avoid custom solutions. > > I ran into this same issue and ended up putting a little REST server on > top of fail2ban (using the socket that fail2ban-client uses) and if > something is banned on one server hit the API of all its siblings. > > > ------------------------------------------------------------------------------ > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
