Re: Monit built-in Http log for fail2ban

[Martin Pala]

Hi,

the monit logfile is configured with "SET LOGFILE <path|SYSLOG>" … in your case the log goes to syslog, which decides to which file to log the message. Monit's internal webserver is proprietary implementation - it's not mongrel. The failed login attempts are logged with following messages:

    Warning: Client 'xyz' supplied unknown user 'cdb' accessing monit httpd

    Warning: Client 'xyz' supplied wrong password for user 'abc' accessing monit httpd

Regards,

Martin

On Apr 26, 2012, at 2:54 PM, Alex wrote:

I have Setup monit on Centos system an I use on apache "ProxyPass /monit/ http://localhost:2812/" in order to access it

so the url is something like https://domanname/monit/

 

I would like to know is it is possible to protect that url via fail2ban.

I am searching to see if the - internal server ( mongerl as I read in the site) has some sort of log file for failed attempts like apaches "client <HOST>user  authentication failure" so I can catch them with a regex...

 

I use on the config

 

set daemon  60
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format { from: address@hidden }
set alert address@hiddenomname
set httpd port 2812 ADDRESS localhost and
     SSL DISABLE
     PEMFILE  /var/certs/monit.pem
     allow adminname:pass

 

I did try to search for both the logs and mongerl proc but with not luck.

Is there someone who would know how to achieve that or perhaps could think of something else!

 

Br Alex

--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general