Add monitoring condition for the logs containing "already banned".

2020-09-26 17:20:04 +09:00 · 2020-09-26 17:20:04 +09:00 · 6b2a5bdf07
parent 4ca2676d47
commit 6b2a5bdf07
1 changed files with 15 additions and 2 deletions
--- a/cookbooks/promtail/templates/etc/promtail/base.yaml
+++ b/cookbooks/promtail/templates/etc/promtail/base.yaml
@ -158,7 +158,7 @@ scrape_configs:
      labels:
        job: fail2ban
        hostname: <%= @HOSTNAME %>
-        level: notice
+        level: info
        __path__: /var/log/fail2ban.log

    pipeline_stages:
@ -168,7 +168,6 @@ scrape_configs:
        - regex:
            expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'

-
        - timestamp:
            source: timestamp
            format: 2006-01-02 15:04:05
@ -184,6 +183,20 @@ scrape_configs:
        - output:
            source: message

+    - match:
+        selector: '{job="fail2ban"} |~ "already banned"'
+        stages:
+        - regex:
+            expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'
+
+        - timestamp:
+            source: timestamp
+            format: 2006-01-02 15:04:05
+            location: Asia/Tokyo
+
+        - output:
+            source: message
+
  - job_name: promtail
    static_configs:
    - targets: