fail2ban monitoring
we should monitor fail2ban everywhere. in tpo/web/donate#17, we are setting up monitoring specifically for donate, but this should apply more generally to every jail, everywhere.
in particular, we should alert when it's not setup properly.
there are two exporters i know of:
| Project | Language | Description | Debian package |
|---|---|---|---|
| vdcloudcraft/fail2ban-geo-exporter | Python | per IP/location counters | no |
| hectorjsmith/fail2ban-prometheus-exporter | Golang | per jail bans, matches, errors | RFP 1064925 |
right now I built a mtail-based parser specifically for donate, in tpo/web/donate#17, we'll see how it behaves. it's not enough to warn about errors, for example.