Annoyingly simple daemon that tails the ssh journal and exports failed root login attempts.
Exports the following metrics:
ssh_failed_total{family="1|2"}
: all failed attempts (including root)ssh_failed_root_total{family="1|2"}
: failed attempts where the user is rootssh_sucess_total{}
: all successful logins
The total also includes the root user, the root_total is the subset that counts root only. If family is 1 it's a connection over IPv4, with 2 it's IPv6.
Every occurence of Failed password for .... from .... port ... ssh2
is counted as a failed
attempt.
Every session opened for user
is counted as a success.
It tails the log using the 'fuck you' (-fu) option of journalctl.