Filter content is shown read-only. Click 'Edit' to modify for testing. Changes are temporary and not saved.
Only alphanumeric characters, dashes, and underscores are allowed.
Selecting a filter will auto-populate the jail configuration.
Jail configuration will be auto-populated when you select a filter.
If left empty, an empty filter file will be created.
Register remote Fail2ban instances and choose how the UI connects to them.
Country distribution and recurring offenders.
Top origins for the selected time range.
IP addresses repeatedly triggering Fail2ban.
Create an index template in Kibana Dev Tools or via the API so Elasticsearch maps the fields correctly:
PUT _index_template/fail2ban
{
  "index_patterns": ["fail2ban-events-*"],
  "template": {
    "settings": {
      "number_of_shards": 1,
      "number_of_replicas": 0
    },
    "mappings": {
      "properties": {
        "@timestamp": { "type": "date" },
        "event.kind": { "type": "keyword" },
        "event.type": { "type": "keyword" },
        "source.ip": { "type": "ip" },
        "source.geo.country_iso_code": { "type": "keyword" },
        "observer.hostname": { "type": "keyword" },
        "fail2ban.jail": { "type": "keyword" },
        "fail2ban.failures": { "type": "keyword" },
        "fail2ban.whois": { "type": "text" },
        "fail2ban.logs": { "type": "text" }
      }
    }
  }
}
Fail2ban-UI sends ECS-compatible documents. Each ban/unban event is indexed to fail2ban-events-YYYY.MM.DD:
{
  "@timestamp": "2026-02-14T12:00:00Z",
  "event.kind": "alert",
  "event.type": "ban",
  "source.ip": "1.2.3.4",
  "source.geo.country_iso_code": "CN",
  "observer.hostname": "webserver-01",
  "fail2ban.jail": "sshd",
  "fail2ban.failures": "5",
  "fail2ban.whois": "...",
  "fail2ban.logs": "..."
}
Use an API key (preferred) or basic auth with a user that has write access to the fail2ban-events-* indices. Create an API key in Kibana under Stack Management → API Keys.
Save the Fail2ban-UI settings and test the connection to Elasticsearch by clicking the Test button. (This creates the fail2ban-events-* index and also ingests the first event.)
In Kibana, go to Stack Management → Data Views → Create data view. Use the pattern fail2ban-events-* as both the name and the index pattern, and select @timestamp as the time field.
In Kibana, go to Discover and select the fail2ban-events-* index; you should see your first ingested event.
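The following Python check is an added example, not code from Fail2ban-UI or from this page. It compares an event document with the field types in the index template above, flags values the `ip` and `date` mappings would not accept, and derives the daily fail2ban-events-YYYY.MM.DD index the event belongs to. The name `check_event`, the strict timestamp format and the malformed sample document are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime

# Field types copied from the index template shown on this page.
MAPPING = {
    "@timestamp": "date", "event.kind": "keyword", "event.type": "keyword",
    "source.ip": "ip", "source.geo.country_iso_code": "keyword",
    "observer.hostname": "keyword", "fail2ban.jail": "keyword",
    "fail2ban.failures": "keyword", "fail2ban.whois": "text",
    "fail2ban.logs": "text",
}

def check_event(doc):
    """Return (target_index, problems) for one ban/unban document."""
    problems = []
    for field, value in doc.items():
        kind = MAPPING.get(field)
        if kind is None:
            # The template does not set "dynamic", so unknown fields are not rejected.
            problems.append(f"{field}: not in template, would be mapped dynamically")
        elif kind == "ip":
            try:
                ipaddress.ip_address(str(value))
            except ValueError:
                problems.append(f"{field}: {value!r} is not an IP address")
    index = None
    try:
        # Assumption: timestamps use the UTC form of the page's sample document.
        ts = datetime.strptime(doc.get("@timestamp", ""), "%Y-%m-%dT%H:%M:%SZ")
        index = "fail2ban-events-" + ts.strftime("%Y.%m.%d")
    except (TypeError, ValueError):
        problems.append("@timestamp: missing or not in YYYY-MM-DDTHH:MM:SSZ form")
    return index, problems

# The page's sample event, plus a constructed malformed variant.
GOOD = {"@timestamp": "2026-02-14T12:00:00Z", "event.kind": "alert",
        "event.type": "ban", "source.ip": "1.2.3.4",
        "source.geo.country_iso_code": "CN", "observer.hostname": "webserver-01",
        "fail2ban.jail": "sshd", "fail2ban.failures": "5",
        "fail2ban.whois": "...", "fail2ban.logs": "..."}
BAD = {**GOOD, "source.ip": "1.2.3.999", "@timestamp": "14/02/2026", "user": "x"}

if __name__ == "__main__":
    for doc in (GOOD, BAD):
        print(check_event(doc))
```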