merge: add-troubleshooting-section-to-readme
* Merge branch 'add-troubleshooting-section-to-readme' into 'main' * See merge request hectorjsmith/fail2ban-prometheus-exporter!111 * Merged by: Hector <hector@hjs.dev>
This commit is contained in:
commit
a2139d9774
1 changed files with 33 additions and 0 deletions
33
README.md
33
README.md
|
@ -11,6 +11,7 @@ Collect metrics from a running fail2ban instance.
|
|||
3. Configuration
|
||||
4. Building from source
|
||||
5. Textfile metrics
|
||||
6. Troubleshooting
|
||||
|
||||
## 1. Quick Start
|
||||
|
||||
|
@ -204,3 +205,35 @@ docker run -d \
|
|||
-p "9191:9191" \
|
||||
registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
|
||||
```
|
||||
|
||||
## 6. Troubleshooting
|
||||
|
||||
### 6.1. "no such file or directory"
|
||||
|
||||
```
|
||||
error opening socket: dial unix /var/run/fail2ban/fail2ban.sock: connect: no such file or directory
|
||||
```
|
||||
|
||||
There are a couple of potential causes for the error above.
|
||||
|
||||
**File not found**
|
||||
|
||||
The first is that the file does not exist, so first check that the file path shown in the error actually exists on the system running the exporter.
|
||||
The fail2ban server may be storing the socket file in another location on your machine.
|
||||
|
||||
If you are using docker, make sure the correct host folder was mounted to the correct location.
|
||||
|
||||
If the file is not in the expected location, you can run the exporter with the corresponding CLI flag or environment variable to use a different file path.
|
||||
|
||||
**Permissions**
|
||||
|
||||
If the file does exist, the likely cause are file permissions.
|
||||
By default, the fail2ban server runs as the `root` user and the socket file can only be accessed by the same user.
|
||||
If you are running the exporter as a non-root user, it will not be able to open the socket file to read/write commands to the server, leading to the error above.
|
||||
|
||||
In this case there are a few solutions:
|
||||
1. Run the exporter as the same user as fail2ban (usually `root`)
|
||||
2. Update the fail2ban server config to run as a non-root user, then run the exporter as the same user
|
||||
3. Update the socket file permissions to be less restrictive
|
||||
|
||||
I would recommend option `1.` since it is the simplest. Option `2.` is a bit more complex, check the [fail2ban server documentation](https://coderwall.com/p/haj28a/running-rootless-fail2ban-on-debian) for more details. And option `3.` is just a temporary fix. The socket file gets re-created each time the fail2ban server is restarted and the original permissions will be restored, so you will need to update the permissions every time the server restarts.
|
||||
|
|
Loading…
Reference in a new issue