influxdata / telegraf

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
https://influxdata.com/telegraf
MIT License

documentation enhancement - inputs/fail2ban - prevent logging on fail2ban-client runs with sudo #5331

Closed vignemail1 closed 5 years ago

vignemail1 commented 5 years ago

Feature Request

It's a documentation enhancement request.

A way to prevent your logs from being filled with sudo lines when use_sudo = True is used with the inputs/fail2ban plugin.

Proposal:

The current recommendation for sudo with the inputs/fail2ban plugin is:

telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *

I would suggest replacing it (or at least adding as an alternative) with the following example:

Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session

The !logfile, !syslog and !pam_session flags will prevent runs from being logged.

Current behavior:

At every poll (interval = "10s" by default), many lines are added to your logs about each fail2ban-client run, which can fill your filesystem with unnecessary information.

Desired behavior:

To completely suppress the generation of events in the logs at each run.

Use case:

When using the current recommendation for sudo with the fail2ban input, log files are getting filled with sudo pam session and fail2ban-client launch events. That could be prevented.
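
An added example, not part of the original issue or of the Telegraf project: a small Python check that reports which sudoers Defaults lines turn off logging and whether each one is scoped to a Cmnd_Alias, so a reviewer can see exactly which commands lose their sudo audit trail. The function names and the simplified parsing (one alias per line, no escaped commas) are assumptions; the sample is the proposal above plus one constructed unscoped line.

```python
import re

# Constructed sample: the three lines proposed in the issue, plus one
# unscoped Defaults line added here to show what the check flags.
SAMPLE = """\
Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session
Defaults !syslog
"""

LOG_FLAGS = {"!logfile", "!syslog", "!pam_session"}  # flags named in the issue
ALIAS_RE = re.compile(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)")
DEFAULTS_RE = re.compile(r"Defaults(?:([!@:>])(\S+))?\s+(.+)")


def logical_lines(text):
    # Join backslash continuations, then drop blank and comment lines.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def audit_sudoers(text):
    """Return (scoped, unscoped).

    scoped: {alias: (flags, commands)} for each Cmnd_Alias with logging disabled.
    unscoped: Defaults lines that disable logging for anything else.
    """
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = ALIAS_RE.fullmatch(line)
        if m:  # assumption: one alias per line, commands split on plain commas
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    scoped, unscoped = {}, []
    for line in lines:
        m = DEFAULTS_RE.fullmatch(line)
        flags = sorted(LOG_FLAGS & set(re.split(r"\s*,\s*", m.group(3)))) if m else []
        if not flags:
            continue
        if m.group(1) == "!" and m.group(2) in aliases:
            scoped[m.group(2)] = (flags, aliases[m.group(2)])
        else:  # global, per-user, per-host or per-runas suppression
            unscoped.append(line)
    return scoped, unscoped
```

Calling `audit_sudoers(SAMPLE)` lists the FAIL2BAN alias with its two commands as the only scoped suppression and returns `Defaults !syslog` as unscoped.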

danielnelson commented 5 years ago

Very good suggestion, we ought to update the documentation for all the plugins using sudo when we do this:

$ ack -l use_sudo --markdown
plugins/inputs/unbound/README.md
plugins/inputs/opensmtpd/README.md
plugins/inputs/pf/README.md
plugins/inputs/varnish/README.md
plugins/inputs/smart/README.md
plugins/inputs/ipset/README.md
plugins/inputs/iptables/README.md
plugins/inputs/fail2ban/README.md

@vignemail1 Would you be able to do this?

vignemail1 commented 5 years ago

@danielnelson As it is my first time, maybe some guidance? Do I need to fork the project and create a pull request as in the GitHub doc and GitHub Standard Fork & Pull Request Workflow?

danielnelson commented 5 years ago

Yes, this looks right. Optionally, you might also want to install grip, which lets you preview how the README files will look on GitHub before committing them.

vignemail1 commented 5 years ago

@danielnelson PR 5337. Have a nice day.