coleturner / fail2ban-slack-action

Slack Notifications for Fail2Ban

Show hostname on the message of notification... #6

Open anaximander2048 opened 4 years ago

anaximander2048 commented 4 years ago

Hello,

During the utilization of this in my lab, I found that there is a need for the hostname to be present in the message. Thus, in a multi-server scenario, there will be an order on the messages about their origin.

Upon some tests, I have found that this can be done by adding the `$(hostname -f)` variable in the value of the `text` key in `slack-notify.conf`, like the example below:

```
actionstart = curl -X POST --data-urlencode "payload={\"text\": \"[$(hostname -f)]: Fail2Ban (<name>) jail has started\", \"channel\": \"#<slack_channel>\" }" '<slack_webhook_url>'
```

As a point of reference, for me to be able to help, I would like to quote my version with the hostname added:

```
#
# Author: Cole Turner
# coleturner.me
# turner.cole@gmail.com
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#

actionstart = curl -X POST --data-urlencode "payload={\"text\": \"[$(hostname -f)]: Fail2Ban (<name>) jail has started\", \"channel\": \"#<slack_channel>\" }" '<slack_webhook_url>'

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = curl -X POST --data-urlencode "payload={\"text\": \"[$(hostname -f)]: Fail2Ban (<name>) jail has stopped\", \"channel\": \"#<slack_channel>\" }" '<slack_webhook_url>'

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#

actionban = curl -X POST --data-urlencode "payload={\"text\": \"[$(hostname -f)]: Fail2Ban (<name>) banned IP *<ip>* for <failures> failure(s)\", \"channel\": \"#<slack_channel>\" }" '<slack_webhook_url>'

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionunban = curl -X POST --data-urlencode "payload={\"text\": \"[$(hostname -f)]: Fail2Ban (<name>) unbanned IP *<ip>* on\", \"channel\": \"#<slack_channel>\" }" '<slack_webhook_url>'

[Init]

init = 'Sending notification to Slack'

# Put the values here without quotation marks
# The channel name should be without the leading # too!
slack_channel = general
slack_webhook_url = https://hooks.slack.com/XXXXXXX
```
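
Added example, not part of fail2ban-slack-action or of the comments in this thread: a POSIX shell helper that builds the same hostname-prefixed payload, falls back to the short name when `hostname -f` cannot resolve an FQDN, and JSON-escapes the interpolated values so a quote or backslash cannot break the payload. The function names (`host_label`, `json_escape`, `slack_payload`, `slack_notify`) are hypothetical.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Pick a host label for the message. `hostname -f` depends on a working
# resolver or /etc/hosts entry and can fail, so fall back to the short
# name and finally to `uname -n` instead of sending an empty "[]" prefix.
host_label() {
    h=$(hostname -f 2>/dev/null) || h=
    [ -n "$h" ] || h=$(hostname 2>/dev/null) || h=
    [ -n "$h" ] || h=$(uname -n)
    printf '%s' "$h"
}

# Escape a value for use inside a JSON string literal: drop control
# characters, then escape backslashes before double quotes.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' \
        | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the JSON document: slack_payload HOST TEXT CHANNEL
slack_payload() {
    printf '{"text": "[%s]: %s", "channel": "#%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Post it: slack_notify TEXT CHANNEL WEBHOOK_URL
# --max-time keeps a slow webhook from stalling the ban action.
slack_notify() {
    curl -sS --max-time 10 -X POST \
        --data-urlencode "payload=$(slack_payload "$(host_label)" "$1" "$2")" \
        "$3"
}
```
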
crawc commented 10 months ago

You can use the variable "" in fail2ban.