As long as you feed ELK from logstash by reading logs there is no reason that you couldn't attach fail2ban to the same logs. If you plan to forward logs to elk without local files being written you will have problems.
I have been doing a lot on ELK lately. It's a great system and Kibana Dashboards look awesome ;-) Sent from my iPhone > On 07 Aug 2014, at 01:26, Eric Shubert <[email protected]> wrote: > >> On 08/06/2014 03:09 PM, Dan McAllister wrote: >> I am curious -- has anyone looked into a fail2ban implementation for QMT > > On a general note, I believe several people here have implemented f2b on QMT. > You should find discussions and perhaps some other configurations in the list > archives. It'd be nice if people would share their configurations here (even > if they've done so before). > > FWIW, I'm indeed hoping to have a QMT package available for f2b at some > point. This will happen after logging is straightened around though, as f2b > relies on the logs. I'm not yet sure how it'll all look with the ELK stack > for log analysis and reporting, but I will be taking f2b into account as that > progresses. > > Thanks. > > -- > -Eric 'shubes' > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
