All dashboards

Fail2Ban Logs

Fail2Ban log analyses based on Loki and Promtail.

Fail2Ban Logs screenshot 1

This Dashboard uses loki and promtail to scrape fail2ban logs. You need separate loki and promtail instances running to serve the data for Grafana. You can rename the labels to arbitrary values - the Dashboard supports selection based on labels.
I do use the solution with a fail2ban docker image, so mind this when reading through the docs.
The dashboard and the config are mostly based on this great gist and this piece.
This is the docker-compose.yml I use:

yaml 
version: '3'  

services:

  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    restart: "unless-stopped"
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      # stores filter.d, action.d and jail.d folders
      - ./fail2ban-data:/data
      # accesses logs from host machine
      - /var/log:/var/log:ro
      - /var/lib/docker/containers/:/container-logs/:ro
      - /etc/localtime:/etc/localtime:ro
      # shared folder for logs
      - ./fail2ban-logs:/fail2ban-logs
    environment:
      # reroute log to fail2ban.log file
      - F2B_LOG_TARGET=/fail2ban-logs/fail2ban.log
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=1d
      - F2B_MAX_RETRY=3
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "10"

  promtail:
    image: grafana/promtail:latest
    container_name: promtail
    restart: unless-stopped
    command: -config.file=/etc/promtail/docker-config.yaml
    volumes:
      # folder for promtail config
      - ./promtail:/etc/promtail
      # accesses fail2ban shared folder
      - ./fail2ban-logs:/var/log/fail2ban:ro

  loki:
    image: grafana/loki:main
    container_name: loki
    restart: always
    ports:
      - 3100:3100
    volumes:
      - ./loki:/loki

And this is used for the ./promtail/docker-config.yaml:
(Please feel free to adjust instance, app and env labels according to your preferences)

yaml 
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://loki:3100/loki/api/v1/push
scrape_configs:

  - job_name: fail2ban
    static_configs:
      - targets:
        - localhost
        labels:
          __path__: /var/log/fail2ban/fail2ban.log
          instance: your-instance-identifier
          app: fail2ban
          env: test-env
    pipeline_stages:
      - multiline:
          firstline: '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
      - regex:
          expression: >-
            ^(?s)(?P<time>\S+? \S+?)
            (fail2ban\.)(?P<component>\S+)\s*
            \[(?P<pid>\S+)\]:
            (?P<priority>\S+)\s*
            (?P<message>.*?)$
      - timestamp:
          source: time
          format: '2006-01-02 15:04:05,000'
      - labels:
          component:
          priority:
      - output:
          source: message
      # Extract jail from message, if present
      - match:
          # Note: backticks do not work in promtail, so weird escaping is needed
          selector: '{job="fail2ban"} |~ "\\\\[\\\\S+\\\\] .*"'
          stages:
            - regex:
                expression: '(\[(?P<jail>\S+)\] )?(?P<message>.*?)$'
            - labels:
                jail:
            - output:
                source: message
      - labeldrop:
          - filename
Revisions
RevisionDescriptionCreated
Google Cloud logs

Google Cloud logs

by Grafana Labs
Grafana Labs solution

Easily monitor Google Cloud logs with Grafana Cloud's out-of-the-box monitoring solution.

Learn more

Get this dashboard

Import the dashboard template

or

Download JSON

Datasource
Dependencies
Resources
Docs: Importing dashboards Webinar: Getting started with Grafana dashboard design Webinar: Building advanced Grafana dashboards