Re: [Monitorix-general] fail2ban filter for Monitorix
Monitorix is a system monitoring tool
From: Jordi S. <jo...@fi...> - 2020-04-04 09:25:14
Sure, this filter probably lacks things here and there and it's far from being perfect, but it's a good start overall and works well for the majority of cases.

Feel free to improve it!

Regards.

On 4/4/20 10:04 AM, Narcis Garcia via Monitorix-general wrote:
> I've looked failures logged and I see it's recording source traffic IP
> but not visitor's one if it comes through a proxy (X-Forwarded-For):
>
> $ sudo cat /var/log/monitorix-httpd | grep -ie AUTHERR
> Thu Apr 2 16:14:35 2020 - AUTHERR - [192.168.1.33] Authentication
> error: /monitorix/
>
> This will produce fail2ban to block all visitors from same HTTP proxy.
>
> I also want to warn about NOTEXIST key to filter:
> $ sudo cat /var/log/monitorix-httpd | grep -ie NOTEXIST
> Thu Apr 2 08:55:28 2020 - NOTEXIST - [192.168.1.33] File does not exist: /
> Sat Apr 4 09:50:16 2020 - NOTEXIST - [192.168.1.33] File does not
> exist: /favicon.ico
> Sat Apr 4 09:51:21 2020 - NOTEXIST - [192.168.1.33] File does not
> exist: /monitoric
>
>
> Thank you;
>
> Narcis Garcia

--
Jordi Sanfeliu
FIBRANET Network Services Provider
https://www.fibranet.cat
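Added example, not part of the original message or of Monitorix: a small Python check that parses the log layout quoted above and applies a fail2ban-style threshold, to compare which addresses would be banned when only AUTHERR counts as a failure versus AUTHERR plus NOTEXIST. The sample lines, the second IP address and the `maxretry`/`findtime` values are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout taken from the excerpts quoted in the message:
#   <ctime timestamp> - <KEY> - [<ip>] <text>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) - "
    r"(?P<key>[A-Z]+) - \[(?P<ip>[0-9a-fA-F.:]+)\] (?P<msg>.*)$"
)

# Constructed sample. 192.168.1.33 stands for the HTTP proxy from the message:
# one mistyped password plus a browser's favicon request and a typo in the URL.
SAMPLE = [
    "Sat Apr 4 09:50:01 2020 - AUTHERR - [192.168.1.33] Authentication error: /monitorix/",
    "Sat Apr 4 09:50:16 2020 - NOTEXIST - [192.168.1.33] File does not exist: /favicon.ico",
    "Sat Apr 4 09:51:21 2020 - NOTEXIST - [192.168.1.33] File does not exist: /monitoric",
    "Sat Apr 4 09:52:00 2020 - AUTHERR - [198.51.100.7] Authentication error: /monitorix/",
    "Sat Apr 4 09:52:05 2020 - AUTHERR - [198.51.100.7] Authentication error: /monitorix/",
    "Sat Apr 4 09:52:09 2020 - AUTHERR - [198.51.100.7] Authentication error: /monitorix/",
]

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["key"], m["ip"]

def would_ban(lines, keys, maxretry=3, findtime=timedelta(minutes=10)):
    """Return the IPs with at least maxretry matching lines inside findtime."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[1] in keys:
            hits[rec[2]].append(rec[0])
    banned = set()
    for ip, times in hits.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                banned.add(ip)  # for a proxy address this blocks everyone behind it
                break
    return banned

if __name__ == "__main__":
    print("AUTHERR only:      ", sorted(would_ban(SAMPLE, {"AUTHERR"})))
    print("AUTHERR + NOTEXIST:", sorted(would_ban(SAMPLE, {"AUTHERR", "NOTEXIST"})))
```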