https://blog.wgz.sh/tags/observability/ Recent content in Observability on wgz.sh Hugo -- 0.153.1 en-us Wed, 31 Dec 2025 15:49:37 -0500 https://blog.wgz.sh/posts/fail2ban-logging/ Wed, 31 Dec 2025 15:49:37 -0500 https://blog.wgz.sh/posts/fail2ban-logging/ <p>Hello everyone!</p> <p>Today I wanted to discuss how I&rsquo;m keeping track of Fail2ban logs on my Proxmox cluster.</p> <p>For those of you who don&rsquo;t know what <a href="https://github.com/fail2ban/fail2ban">Fail2ban</a> is, it is a simple program that can automatically ban threats via iptables by parsing log files and scanning for regex patterns.</p> <p>Here is a sample file that can be parsed:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#f92672">[</span>Definition<span style="color:#f92672">]</span> </span></span><span style="display:flex;"><span>failregex <span style="color:#f92672">=</span> pvedaemon<span style="color:#ae81ff">\[</span>.*authentication failure; rhost<span style="color:#f92672">=</span>&lt;HOST&gt; user<span style="color:#f92672">=</span>.* msg<span style="color:#f92672">=</span>.* </span></span><span style="display:flex;"><span>ignoreregex <span style="color:#f92672">=</span> </span></span></code></pre></div><p>And here is the the jail configuration:</p>