search

buanzo / fail2ban-zmq-tools

A zeromq-based fail2ban clustering solution
GNU General Public License v2.0
29 stars 4 forks source link

fail2ban #2

Open bnkcrypt opened 6 years ago

bnkcrypt commented 6 years ago

Hi I like your project would like to know does it work in Active - Active or master -slave

buanzo commented 6 years ago

In a cluster of N nodes (that all run fail2ban), you need:

ONE publisher. N monitors N subscribers

The monitor MONITORS /var/log/fail2ban.log and sends Ban/UnBans to publisher. Subscribers receive what the Publisher broadcast.

Does that answer your qyestion? Because standard active/passive master/slave does not really 'fit' into fail2ban architecture.

m-ueberall commented 6 years ago

For the record–in case you wondered whether it's possible to have more than one publisher (e.g., for redundancy purposes): Yes it is, but you'll need to modify the code accordingly (see https://stackoverflow.com/q/6700149/6145758).

buanzo commented 5 years ago

For the record–in case you wondered whether it's possible to have more than one publisher (e.g., for redundancy purposes): Yes it is, but you'll need to modify the code accordingly (see https://stackoverflow.com/q/6700149/6145758).

This is a great tip. I hope to integrate the support someday. Thanks!