Dear Fail2Ban community, I have the issue similar to [1] and [2], namely the mail generated by apache-proxy jail does not contain log lines (it ends with "Lines containing failures of 180.180.243.133"). If I grep this IP address in Apache logs, I find the following relative lines:
# grep 180.180.243.133 /var/log/apache2/error.log [Mon Jul 01 09:50:36.132769 2019] [proxy:error] [pid 22642:tid 140446185494272] [client 180.180.243.133:26984] AH02219: access to /usr/lib/cgi-bin/index.php failed, reason: access forbidden [Mon Jul 01 09:50:36.370058 2019] [proxy:error] [pid 22642:tid 140446143530752] [client 180.180.243.133:26984] AH02219: access to /usr/lib/cgi-bin/awstatstotals.php failed, reason: access forbidden Lines from /var/log/fail2ban.log showing that IP was banned: 2019-07-01 09:50:23,108 fail2ban.filter [901]: INFO [apache-proxy] Found 180.180.243.133 - 2019-07-01 09:50:23 2019-07-01 09:50:36,139 fail2ban.filter [901]: INFO [apache-proxy] Found 180.180.243.133 - 2019-07-01 09:50:36 2019-07-01 09:50:36,382 fail2ban.filter [901]: INFO [apache-proxy] Found 180.180.243.133 - 2019-07-01 09:50:36 2019-07-01 09:50:36,803 fail2ban.actions [901]: NOTICE [apache-proxy] Ban 180.180.243.133 My setting in /etc/fail2ban/paths-common.conf: apache_error_log = /var/log/apache2/*error.log apache_access_log = /var/log/apache2/*access.log Any help how to debug the issue is appreciated. P.S. I have other jails which report log lines correctly. I am running fail2ban v0.10.2. [1] https://sourceforge.net/p/fail2ban/mailman/message/35237608/ [2] https://sourceforge.net/p/fail2ban/mailman/message/35374357/ -- With best regards, Dmitry _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
