We all know that Fail2ban can be used to keep track of log entries to ban unwanted hackers doing brutal force login, and that logs of LibreNMS are stored in the log file: /opt/librenms/logs/librenms.log. But how can I make use of LibreNMS log file info to block brutal force login since there is no ip address entry in the log file? Below is one of the many login-failed entries I found in the log file:
[2020-11-23 21:40:51] production.ERROR: Auth Error (mysql): No user () [admin]
Obviously, there was an unwelcome user ( I am sure I didn’t do this…) who tried to login (but in vain) by using the admin account. Can anyone tell me how to block brutal force web login to LbreNMS by using fail2ban? Thank you!