hermanekt / zabbix-fail2ban-discovery-


Ubuntu 22.04 and Zabbix 6 are not reporting correct f2b status #23

Open aries223 opened 1 year ago

aries223 commented 1 year ago

Seems that Ubuntu 22.04 and Zabbix 6 are not reporting correct f2b status. Zabbix shows the service as "Down" when in fact it is confirmed as Up.

root@aaaaaa:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-12-01 18:52:51 PST; 7min ago
       Docs: man:fail2ban(1)
   Main PID: 4077 (fail2ban-server)
      Tasks: 17 (limit: 19118)
     Memory: 14.1M
        CPU: 3.243s
     CGroup: /system.slice/fail2ban.service
             └─4077 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Dec 01 18:52:51 aaaaa.com systemd[1]: Started Fail2Ban Service.
Dec 01 18:52:51 aaaaa.com fail2ban-server[4077]: Server ready

Zabbix:

Timestamp | Fail2Ban service is running
-- | --
2022-12-01 19:01:38 | Down (0)
2022-12-01 19:00:38 | Down (0)
2022-12-01 18:59:38 | Down (0)

zabbix_server (Zabbix) 6.2.3 Ubuntu version: 22.04.1

aries223 commented 1 year ago

Any ideas?

hermanekt commented 1 year ago

Hi, this is a problem with the item key. This item uses this key: proc.num[python3,,,fail2ban-server]. If your fail2ban service has a different name, you get your DOWN (0) message. Zero means no process is running or found. Check your correct name with this command: ps -x | grep fail2ban and send me your output.

Example from Debian 11:

root@hosting1:~# ps -x | grep fail2ban
757 ?        Ssl  710:09 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
891262 pts/0 S+     0:00 grep fail2ban

Zabbix Agent 2 test with number 1 (our service exists and is running):

root@hosting1:~# zabbix_agent2 -t proc.num[python3,,,fail2ban-server]
proc.num[python3,,,fail2ban-server] [s|1]

Tom
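The item key discussed above filters on two things, a process name and a command-line regex, while `ps -x` prints only the command line. The following is an added example, not part of the thread or the project's code, that models both filters over `/proc`-style entries; the function names, the constructed sample entries and the comparison against `/proc/<pid>/comm` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Model of the filters in proc.num[<name>,,,<cmdline>] (assumption: the name
# is compared with /proc/<pid>/comm; the agent's own rules may differ).

# count_procs NAME CMDLINE_REGEX [PROC_ROOT]
# Empty NAME means "any process name", as an empty key parameter does.
count_procs() {
    local name="$1" regex="$2" root="${3:-/proc}" n=0 d comm cmd
    for d in "$root"/[0-9]*; do
        [ -r "$d/comm" ] && [ -r "$d/cmdline" ] || continue
        comm=$(cat "$d/comm" 2>/dev/null) || continue
        # cmdline is NUL-separated; make it one space-separated string
        cmd=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null) || continue
        [ -z "$name" ] || [ "$comm" = "$name" ] || continue
        if printf '%s' "$cmd" | grep -Eq -- "$regex"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# make_fake_proc DIR PID COMM ARG...
# Writes a constructed /proc-style entry so the demo runs offline.
make_fake_proc() {
    local dir="$1" pid="$2" comm="$3"
    shift 3
    mkdir -p "$dir/$pid"
    printf '%s\n' "$comm" > "$dir/$pid/comm"
    printf '%s\0' "$@" > "$dir/$pid/cmdline"
}

# Constructed sample: the command line from the thread under two
# hypothetical process names.
demo() {
    local t
    t=$(mktemp -d)
    make_fake_proc "$t" 757 python3 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
    make_fake_proc "$t" 581 fail2ban-server /usr/bin/python3 /usr/bin/fail2ban-server -xf start
    echo "name=python3:         $(count_procs python3 fail2ban-server "$t")"
    echo "name=fail2ban-server: $(count_procs fail2ban-server fail2ban-server "$t")"
    echo "name empty:           $(count_procs '' fail2ban-server "$t")"
    rm -rf "$t"
}

demo
```

Run against the live system with `count_procs python3 fail2ban-server` and compare the result with the `zabbix_agent2 -t` output for the same key.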

aries223 commented 1 year ago

My output is this:

root@redacted:~# ps -x | grep fail2ban
581 ?        Ssl   19:51 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
311659 pts/1    S+     0:00 grep --color=auto fail2ban

aries223 commented 1 year ago

Any thoughts?

aries223 commented 1 year ago

Seems that the newer Ubuntu 22.04 reports it differently: (both services are verified to be up and working correctly)

20.04.5:

root@redacted:~# ps -x | grep fail2ban
51552 ?        Ssl   65:28 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
1337921 pts/0  S+     0:00 grep --color=auto fail2ban

22.04.1:

root@redacted:~# ps -x | grep fail2ban
40373 ?        Ssl    6:33 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
131491 pts/1   R+     0:00 grep --color=auto fail2ban

hermanekt commented 1 year ago

Please try these two commands:

zabbix_agent2 -t proc.num[python3,,,fail2ban-server]

and

zabbix_agent -t proc.num[python3,,,fail2ban-server]

Are you sure about using the Ubuntu template? https://github.com/hermanekt/zabbix-fail2ban-discovery-/blob/master/Template-Fail2ban50-UBUNTU20.xml

Tom

aries223 commented 1 year ago

Both servers respond: Command 'zabbix_agent' not found

I have deleted the Fail2ban template and replaced it with the one you linked above. Appears to be working now.

Only issue I notice is that when creating a graph you cannot add all the jails separately. The only available option is "Fail2ban $1 banned IPs", which seems to have all the jails with banned IPs in one. This doesn't allow you to see the different jails in a graph with their respective names. They do seem to be separate options when using Classic Graph or Prototype.

How can we separately add the jails, whether they have banned IPs or not, as different datasets in a graph?