Graylog with fail2ban

(Alfredo) #1

Hi all.
We are going to set up fail2ban on our systems (centos 7) and and I wonder how can I configure the rsyslog for fail2ban to send all its logs to graylog.


(Kevin Pointer) #2

Setup a fail2ban.local file in /etc/fail2ban and put:


logtarget = SYSLOG

All the fail2ban logs will go to syslog instead of the /var/log/fail2ban.log file, and you just forward your rsyslog logs to graylog.

(Alfredo) #3

Hi all.

Does anybody implemented this?


(Alfredo) #4

Hi Kevin et all.Sorry I didn’t see this.
Thanks heaps. I will give it a try.


(Alfredo) #5

Hi Kevin.

I did that (logtarget = SYSLOG) but not sure how to configure the rsyslog facility to forward all the f2b logs to graylog.

Any examples?


(Kevin Pointer) #6 describes some ways of forwarding rsyslog to graylog.

(system) #7

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.