Full installation and use guides are available in:
This app is maintained by Guilhem Marchand (see author). Suggestions and bug reports are appreciated.
Please note you need some Splunk addons:
- Sideview utils addon - V2
- Google Maps addon
- Maxmind geo location addon
You will need to create an appropriate dedicated index and apply the required input to begin analyzing Fail2ban event reporting.
Also, some configuration steps are required to be able to use this application; please see the installation guides above.
Main functionalities:
The following fields are extracted from Fail2ban events:
To install, extract the .spl file in $SPLUNK_HOME/etc/apps
To get all this working, there are several steps to follow:
Fail2ban / Syslog configuration steps:
V2.04:
- Corrected Event Search Interface
V2.03:
- Home page Realtime window change
- Minor corrections
V2.02:
- Code cleaning
- Views improvement
- Hide info message when subsearches running in realtime
V2.01:
- Added System Dashboard
- Correction in event search interface
- Other small corrections and screenshot placement change in views
V2.0:
Version 2.0, interfaces have been fully rewritten:
- Home page with Realtime Overview summary and centralized links to other interfaces
- Rewritten Activity Overview interface
- Added support for stats and charts on attempted connection usernames (SSH wrong user and invalid user)