Add monitoring condition for the logs containing "already banned".

Kazuhiro MUSASHI 2020-09-26 17:20:04 +09:00 committed by Gitea
parent 4ca2676d47
commit 6b2a5bdf07
1 changed files with 15 additions and 2 deletions


@ -158,7 +158,7 @@ scrape_configs:
labels: labels:
job: fail2ban job: fail2ban
hostname: <%= @HOSTNAME %> hostname: <%= @HOSTNAME %>
level: notice level: info
__path__: /var/log/fail2ban.log __path__: /var/log/fail2ban.log
pipeline_stages: pipeline_stages:
@ -168,7 +168,6 @@ scrape_configs:
- regex: - regex:
expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$' expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'
- timestamp: - timestamp:
source: timestamp source: timestamp
format: 2006-01-02 15:04:05 format: 2006-01-02 15:04:05
@ -184,6 +183,20 @@ scrape_configs:
- output: - output:
source: message source: message
- match:
selector: '{job="fail2ban"} |~ "already banned"'
stages:
- regex:
expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- output:
source: message
- job_name: promtail - job_name: promtail
static_configs: static_configs:
- targets: - targets:
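Review bot: The new `match` block selecting `|~ "already banned"` repeats the regex, timestamp and output stages from the second hunk word for word and, as far as the visible lines show, attaches nothing that marks these entries as distinct. An "already banned" line from fail2ban usually means an address that should be blocked is still generating failures, so it is worth making queryable on its own. Consider adding a `static_labels` stage such as `event: already_banned`, or a `metrics` counter, inside this block, plus a one-line comment saying why the line is monitored. Separately, the first hunk changes the static `level` label from `notice` to `info` for every fail2ban line, so any alert rule or dashboard that selects on `level="notice"` would need updating. The enclosing `scrape_configs` entry starts outside the visible hunks, so the other `match` selectors could not be checked for overlap with this one.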