Log and MonitoringWeb Application Security

Fail2ban Attack monitor with Grafana


Fail2ban Attack Monitor allows you to see the source of the attacks that fail2ban blocks


This is a personal project that I am developing to improve the blocking capacity that the firewalls that I manage have. It has no intention of becoming a popular tool and I also cannot guarantee that it will work for your scenario.

Tools used

Tool Version
Python 3.8
InfluxDB 0.10.0
Grafana 7.1.5
IPinfo API

How to configure (Ubuntu)

Install influxDB

apt install influxdb influxdb-client

Create database

curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE fail2ban"

Install script

Clone project

git clone github.com/bsd0x/fail2ban-attack-monitoring

Install requirements

pip install -r requirements.txt

Add your jails name in config.ini

jails = sshd, ftpd

Execute script

python main.py

Crontab example

0 */1 * * * root cd /root/fail2ban-attack-monitor/ && python3 main.py && echo $(date) >> /var/log/fail2ban-monitor-log.log

Grafana with wordmap panel

Query example


Wordmap example


Geohash field example


Download Fail2ban-attack-monitor

Fawkes – SQL injection scanner

Previous article

JWTRipper – Encoding Decoding and Brute-forcing JSON Web Token(JWT)

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *