Fail2ban Prometheus Exporter

Go tool to collect and export metrics on Fail2Ban

This is a small exporter project to collect various metrics on how fail2ban is running. The goal being to have that data available in Grafana to generate graphs and fire off alerts.

Metrics are collected using the same mechanism the fail2ban-client uses to connect to the fail2ban-server - a unix socket. This ensures metrics are always consistent with the output of the fail2ban-client.

The exporter can run inside a docker container by mounting the fail2ban-server socket in that container. Read the project documentation for instructions on how to set it up!

Updates ๐Ÿ‘‡

Connect on Startup ๐Ÿ”Œ

The exporter now tries to connect to the #fail2ban socket on startup and will either print an error or the fail2ban version.

This release also included several tasks focused around code health and pipeline improvements.

Fix ๐Ÿฉน

Fixed a bug in the previous release where it wouldn't run on some systems. Solution was to disable CGO in the build pipeline.

Automate Release Process ๐Ÿค–

Automated the entire release process with #goReleaser and removed the CHANGELOG file. Changes for each release are now added to the #gitlab release itself.

Dependencies ๐Ÿงน
Fix Startup Issue ๐Ÿฉน

Small fix: exit with an error exit code when the server fails to start. Thanks to @vetinary1 on Gitlab for raising it!

New CLI Flag ๐Ÿณ๏ธ

Add a new option to quit the exporter on socket errors: F2B_EXIT_ON_SOCKET_CONN_ERROR.

The goal is to allow the exporter to exit when these errors happen and have docker restart it. This makes it more likely these errors will fix themselves ๐Ÿ‘

Breaking Change ๐Ÿชจ

In this update I re-wrote all the CLI flags and environment variables used by the tool. This is obviously a breaking change.

The CLI flags and environment variables used for the tool had grown organically over time and had become a bit inconsistent. This update tries to align them and make them more consistent (both with each other, and with other exporter tools).

Basic Auth ๐Ÿ”’

The exporter now supports basic auth to be required when collecting metrics. New CLI and environment variables were added to support this.

The implementation was interesting, as I decided to store a hashed version of the basic-auth password instead of storing the raw value. This is to avoid leaking the raw password if the system memory is dumped.

There are still other ways the password could leak though (e.g. inspecting the environment variables)

First Contribution ๐Ÿ™Œ

This release includes the first code written by another person!

It adds support for Python2 and adds support for specifying the listen address (e.g. I also added the first example grafana dashboard that people can use to view the metrics this tool exports.

Version 0.4.0 ๐Ÿš€

This release adds support for two new types of metrics: configuration data & text file metrics.

The text file metrics emulates what node_exporter does and allows custom metrics to be collected from a text file. This was added to better support custom metrics such as machine IDs.

This also removes the old database-backed metrics in favour of the new socket-based metrics.

Version 0.3.0 ๐Ÿš€

This small update introduces a new version metric to track the version of both the exporter and the fail2ban server.

Releasing Socket-based metrics ๐Ÿ”Œ

This release launched the first iteration of the new socket-based metrics and deprecated the old database-based metrics. It also introduced a couple of new metrics.

Socket-based metrics ๐Ÿ”Œ

This issue initiated a big shift in how the exporter works: collecting metrics over the fail2ban socket.

One of the users of the tool identified some inconsistencies between the metrics collected by this tool and the metrics reported by fail2ban. After a fair bit of digging into the fail2ban exporter code I found that the database is not a reliable system of record for these metrics.

The solution was to collect metrics over the fail2ban socket. This is how the fail2ban client communicates with the fail2ban server and ensures that all collected metrics are consistent.

This was a really feature to develop because it involved integrating Python code with Golang.

Initial release ๐ŸŽ‰

This is the initial release of the tool!

It is based on collecting metrics from the fail2ban database and exposing them in a format compatible with prometheus.

Hector Smith