Add fail2ban monitor#12251
Merged
mekarpeles merged 3 commits intointernetarchive:masterfrom Apr 3, 2026
Merged
Conversation
cdrini
force-pushed
the
feature/fail2ban-monitor
branch
from
6f0d71d to
2ca265b
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds monitoring support for fail2ban’s nginx-429 jail so the cluster monitoring job can report current “failed” and “banned” counts to Graphite (for Grafana visualization as requested in #12171).
Changes:
- Introduces a
get_fail2ban_counts()helper to query and parse fail2ban jail status. - Adds a scheduled monitoring job to emit Graphite metrics for
nginx-429fail2ban stats. - Updates production/container configuration to make
fail2ban-clientand the host fail2ban socket available to the monitoring container.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/monitoring/fail2ban_monitor.py | New helper to read fail2ban jail status and extract counts. |
| scripts/monitoring/monitor.py | Adds scheduled job to submit fail2ban metrics to Graphite. |
| scripts/monitoring/tests/test_fail2ban_monitor.py | Unit test for parsing fail2ban output. |
| docker/Dockerfile.olbase | Installs fail2ban in the base image to provide fail2ban-client. |
| compose.production.yaml | Mounts host /var/run/fail2ban into the monitoring container. |
mekarpeles
added
dependencies
Member
|
One point about |
This was referenced Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of #12171
Technical
Monitors the banned and failed. Failed is IPs that have failed the check (in our case I think this means IPs that have had a recent 429). Banned is IPs that have had enough 429s to be jailed.
Testing
Screenshot
Stakeholders