Good question. My fail2ban messages are configured to go
to /var/log/fail2ban.log
I suspect your previous reply about modifications
to /usr/share/logwatch/default.conf/services/fail2ban.conf etc.
are not correct under my circumstances!
I should have said I have a modified /var/fail2ban/fail2ban.conf, as
follows:
# logtarget = SYSLOG
logtarget = /var/log/fail2ban.log
Also I have the file /etc/logrotate.d/fail2ban containing:
/var/log/fail2ban.log {
missingok
notifempty
size 30k
create 0600 root root
postrotate
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 2> /dev/null || true
endscript
}
The original contained:
postrotate
/usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true
Perhaps I should have said I'm also receiving email from Anacron
containing this cryptic message:
/etc/cron.daily/logrotate:
Current logging target is:
`- /var/log/fail2ban.log
This is new and I presume it is from the fail2ban-client set logtarget
during log rotation. Although I don't think the message is sent every
day. Perhaps only when fail2ban.log exceeds 30K.
Thanks for your help. You will excuse an old man for forgetting what I
have done in the past to tweak f2b.
On Fri, 2015-10-09 at 10:02 -0500, Harrison Johnson wrote:
> Are you sending fail2ban messages to a fail2ban logfile in
> the /var/log? Or are the messages going into the journal?
> On Thu, 2015-10-08 at 12:59 +0100, Charles Bradshaw wrote:
> > Hi All,
> >
> > I'm running a regularly updated version of CentOS and fail2ban as below.
> >
> > # cat /etc/redhat-release
> > CentOS release 6.7 (Final)
> >
> > # fail2ban-server -V
> > Fail2Ban v0.9.2
> > ...
> >
> > Following a recent update I no longer see any fail2ban logwatch reports.
> > I used to get daily summary reports of the number of bans for each jail.
> >
> > My logwatch detail is set to low and if I run from the command line:
> > # logwatch --print --detail Low --service fail2ban --range today
> > nothing reported.
> >
> > detail Medium and High produce similar verbose reports:
> > # logwatch --print --detail Medium --service fail2ban --range today
> >
> > ################### Logwatch 7.3.6 (05/19/07) ####################
> > Processing Initiated: Thu Oct 8 12:56:11 2015
> > Date Range Processed: today
> > ( 2015-Oct-08 )
> > Period is day.
> > Detail Level of Output: 5
> > Type of Output: unformatted
> > Logfiles for Host: dell2600-1.bradcan.homelinux.com
> > ##################################################################
> >
> > --------------------- fail2ban-messages Begin ------------------------
> >
> > **Unmatched Entries**
> > 2015-10-08 00:05:52,019 fail2ban.filter [3890]: INFO [forum-noregister] Found 219.132.8.150
> > ... and lots more
> >
> >
> > Obviously fail2ban is still running fine and I see root emails for those
> > jails for which detail reports are enabled. Some of my jails result in
> > hundreds of bans per day, these don't email and I would like to
> > re-instate the logwatch reports.
> >
> > Does anybody know what changed, and perhaps more importantly, how to fix
> > the reports?
> >
> > Thanks in advance.
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
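Added example, not part of the thread and not code from fail2ban or logwatch: a small Python script that produces the per-jail daily ban counts asked about above, reading a file log in the layout quoted in the logwatch output. The sample lines are constructed, and the Ban/Unban lines (logged by fail2ban.actions at NOTICE level) are assumed to share that layout.

```python
import re
from collections import Counter, defaultdict

# Layout taken from the "Unmatched Entries" line quoted in the thread:
#   DATE TIME,ms fail2ban.<module> [pid]: LEVEL [jail] <event> <ip>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2},\d{3}\s+"
    r"fail2ban\.\w+\s+\[\d+\]:\s+[A-Z]+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)

# Constructed sample (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
2015-10-07 23:59:01,000 fail2ban.actions [3890]: NOTICE [ssh-iptables] Ban 203.0.113.5
2015-10-08 00:05:52,019 fail2ban.filter [3890]: INFO [forum-noregister] Found 192.0.2.10
2015-10-08 00:05:53,101 fail2ban.filter [3890]: INFO [forum-noregister] Found 192.0.2.10
2015-10-08 00:05:53,640 fail2ban.actions [3890]: NOTICE [forum-noregister] Ban 192.0.2.10
2015-10-08 00:15:53,900 fail2ban.actions [3890]: NOTICE [forum-noregister] Unban 192.0.2.10
2015-10-08 03:12:07,450 fail2ban.actions [3890]: NOTICE [ssh-iptables] Ban 198.51.100.7
2015-10-08 04:00:01,002 fail2ban.server [3890]: INFO constructed non-jail message
"""


def summarize(lines, day=None):
    """Return ({jail: Counter(event -> count)}, number of non-event lines).

    day is an optional 'YYYY-MM-DD' filter; None counts every date.
    """
    per_jail = defaultdict(Counter)
    other = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            if line.strip():
                other += 1  # startup, rollover and other non-jail messages
            continue
        if day is None or m["date"] == day:
            per_jail[m["jail"]][m["event"]] += 1
    return dict(per_jail), other


def report(per_jail):
    """Render one summary line per jail, sorted by jail name."""
    return "\n".join(
        f"{jail}: {c['Ban']} ban(s), {c['Unban']} unban(s), {c['Found']} match(es)"
        for jail, c in sorted(per_jail.items())
    )


if __name__ == "__main__":
    stats, other = summarize(SAMPLE_LOG.splitlines(), day="2015-10-08")
    print(report(stats))
    print(f"{other} other line(s) ignored")
```

To run it against a real file, pass the open file object for /var/log/fail2ban.log to summarize() in place of the sample lines.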