
Slack notifications for Fail2Ban - colept
http://blog.coleturner.me/post/138894760556/slack-notifications-for-fail2ban
======
dhoe
On my very insignificant server, fail2ban has banned around 400 IP addresses
in 2016, so far. What actionable information would I have received by having a
disruptive notification about it?

~~~
danieltillett
None. It is the attacks that don't get banned that you want to know about.

On this topic, does anyone know if there is something simple that will tell you
if a new IP address logs in or a new process is started?

~~~
notfoss
For new IP addresses, you can write a script to monitor your auth.log file.
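
A sketch of the auth.log monitoring script suggested above, as an added example that is not part of the original thread. It assumes traditional syslog timestamps and OpenSSH `Accepted ...` lines; the function name, the allow-list set and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Anchored at the start of the line so that text elsewhere in a record
# (such as a logged username on a "Failed" line) cannot pass as "Accepted".
ACCEPTED = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def new_login_sources(lines, known_ips):
    """Return [(user, ip, method)] for successful logins from unseen IPs.

    known_ips is a set of IP strings (hypothetical allow-list); it is
    updated in place so each source address is reported only once.
    """
    alerts = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts are what fail2ban already handles
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a valid address, ignore the record
        if ip not in known_ips:
            known_ips.add(ip)
            alerts.append((m.group("user"), ip, m.group("method")))
    return alerts

# Constructed sample lines (documentation address ranges only).
SAMPLE = [
    "Feb  8 10:01:02 web1 sshd[2211]: Failed password for root from 198.51.100.23 port 40112 ssh2",
    "Feb  8 10:03:40 web1 sshd[2230]: Accepted publickey for deploy from 203.0.113.7 port 50522 ssh2",
    "Feb  8 10:04:12 web1 sshd[2236]: Accepted password for deploy from 198.51.100.99 port 41877 ssh2",
    "Feb  8 10:05:00 web1 sshd[2240]: Failed password for invalid user sshd[1]: Accepted password "
    "for root from 192.0.2.1 port 22 ssh2 from 198.51.100.23 port 40113 ssh2",
    "Feb  8 10:06:30 web1 sshd[2251]: Accepted password for deploy from 198.51.100.99 port 41990 ssh2",
]

if __name__ == "__main__":
    known = {"203.0.113.7"}  # addresses already seen logging in
    for user, ip, method in new_login_sources(SAMPLE, known):
        print(f"new login source: user={user} ip={ip} method={method}")
```

To use it on a live system, feed it new lines from the log as they arrive and persist `known_ips` between runs.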

------
mrmondo
Good idea. I'd rather see it use something standard like XMPP and then people
can connect it to proprietary apps like Slack if they so wish.

~~~
mseebach
It's super easy, you just change the URLs to the REST API of your XMPP server?

~~~
kuschku
Why? XMPP is already a simple protocol, just use that. No need to implement a
proprietary REST protocol here.

------
xafke
I did something similar a while back but used a PHP script to send the
notifications to Slack:
[https://savjee.be/2015/09/Sending-fail2ban-notifications-and...](https://savjee.be/2015/09/Sending-fail2ban-notifications-and-others-to-slack-chat-channel/)

------
delibes
Well OK, but I'm not sure I get the point.

Surely just feed all logs into Splunk or Logstash or similar? Most monitoring
systems have plugins to alert via Slack now.

