Graylog with fail2ban


(Alfredo) #1

Hi all.
We are going to set up fail2ban on our systems (CentOS 7), and I wonder how I can configure rsyslog for fail2ban to send all its logs to Graylog.

Cheers


(Kevin Pointer) #2

Set up a fail2ban.local file in /etc/fail2ban and put:

[Definition]

logtarget = SYSLOG

All the fail2ban logs will go to syslog instead of the /var/log/fail2ban.log file, and you just forward your rsyslog logs to graylog.


(Alfredo) #3

Hi all.

Has anybody implemented this?

Cheers


(Alfredo) #4

Hi Kevin et al. Sorry, I didn't see this.
Thanks heaps. I will give it a try.

cheers


(Alfredo) #5

Hi Kevin.

I did that (logtarget = SYSLOG) but I'm not sure how to configure the rsyslog facility to forward all the f2b logs to Graylog.

Any examples?

Cheers


(Kevin Pointer) #6

https://marketplace.graylog.org/addons/a47beb3b-0bd9-4792-a56a-33b27b567856 describes some ways of forwarding rsyslog to graylog.
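An added example, not part of the thread and not taken from the linked page: a minimal rsyslog drop-in that forwards only the fail2ban messages to Graylog once logtarget = SYSLOG is set. The file name, the host graylog.example.org, port 1514 and the queue name are assumptions; it also assumes a Syslog TCP input is running on the Graylog side and that the fail2ban syslog tag starts with "fail2ban".

```conf
# /etc/rsyslog.d/60-fail2ban-graylog.conf   (hypothetical file name)
#
# Prerequisite from the thread: /etc/fail2ban/fail2ban.local contains
#   [Definition]
#   logtarget = SYSLOG
#
# Match on the program name rather than on a facility, so the rule keeps
# working whichever facility fail2ban logs to. "startswith" also covers
# tags such as fail2ban.actions and fail2ban.filter (assumed tag format).
if $programname startswith 'fail2ban' then {
    action(
        type="omfwd"
        target="graylog.example.org"   # assumption: your Graylog node
        port="1514"                    # assumption: port of the Syslog TCP input
        protocol="tcp"
        # RFC 5424 framing, which Graylog's syslog inputs parse cleanly
        template="RSYSLOG_SyslogProtocol23Format"

        # Disk-assisted queue: ban/unban events are buffered while Graylog
        # is unreachable instead of being dropped or blocking local logging.
        queue.type="LinkedList"
        queue.filename="fail2ban_graylog"   # hypothetical queue name
        queue.maxDiskSpace="256m"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"        # retry forever
    )
    # No "stop" here: messages still reach the local log files as well,
    # so a host-side copy remains if the central server is unavailable.
}

# Note: plain TCP syslog is sent in cleartext. On untrusted networks,
# use a TLS-enabled input and rsyslog's TLS stream driver instead.
#
# Validate and apply:
#   rsyslogd -N1
#   systemctl restart fail2ban rsyslog
```

After the restart, a ban or unban on the host should show up in Graylog with the fail2ban tag as the application name.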

