fail2ban is running but no fail2ban.log log file exists for it
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I've set up fail2ban on a centos VPS used for a few mail accounts among other things and want to check that everything is running smoothly. According to fail2ban-client status everything is running as expected on dovecot, exim, and ssh, but there's no log file in the expected place (/var/log/fail2ban.log), and find / -name fail2ban.log finds nothing.
fail2ban-client get loglevel returns Current logging level is 'INFO', and fail2ban-client get logtarget returns Current logging target is:- SYSLOG. Based on this, it should be logging in the default location, which all the docs and guides I've found say is /var/log/fail2ban.log, but no log file is there.
There have been many of the usual probes on dovecot since setting fail2ban up including many from repeat IPs, so it's not like fail2ban has had nothing to do.
How can I investigate why fail2ban has not got any log file and appears to be failing to log? Searches uncovered a few people posting about similar problems on a few forums but no solutions I could see.
logs fail2ban
asked Jan 10 '17 at 15:29
user568458user568458
11815
|
show 1 more comment
I've set up fail2ban on a centos VPS used for a few mail accounts among other things and want to check that everything is running smoothly. According to fail2ban-client status everything is running as expected on dovecot, exim, and ssh, but there's no log file in the expected place (/var/log/fail2ban.log), and find / -name fail2ban.log finds nothing.
fail2ban-client get loglevel returns Current logging level is 'INFO', and fail2ban-client get logtarget returns Current logging target is:- SYSLOG. Based on this, it should be logging in the default location, which all the docs and guides I've found say is /var/log/fail2ban.log, but no log file is there.
There have been many of the usual probes on dovecot since setting fail2ban up including many from repeat IPs, so it's not like fail2ban has had nothing to do.
How can I investigate why fail2ban has not got any log file and appears to be failing to log? Searches uncovered a few people posting about similar problems on a few forums but no solutions I could see.
logs fail2ban
asked Jan 10 '17 at 15:29
user568458user568458
11815
2
The location of the log depends on yoursyslogimplementation and configuration. Did you look in/var/log/messageswhich is now the most common place. Note that troubleshootingfail2banis not an easy task unless you make a good effort in understanding how it works.
– Julie Pelletier
Jan 10 '17 at 15:35
Which CentOS version do you use? Does it includesystemd?
– Tombart
Jan 10 '17 at 15:38
I don't have a/var/log/messagesdirectory, and a system-widefinddidn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place.rpm --query centos-releasegivescentos-release-6-7.el6.centos.12.3.x86_64, no systemd
– user568458
Jan 10 '17 at 15:41
/var/log/messagesis a file, not a directory. can you paste the contents of/var/log?
– schaiba
Jan 10 '17 at 15:43
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47
|
show 1 more comment
I've set up fail2ban on a centos VPS used for a few mail accounts among other things and want to check that everything is running smoothly. According to fail2ban-client status everything is running as expected on dovecot, exim, and ssh, but there's no log file in the expected place (/var/log/fail2ban.log), and find / -name fail2ban.log finds nothing.
fail2ban-client get loglevel returns Current logging level is 'INFO', and fail2ban-client get logtarget returns Current logging target is:- SYSLOG. Based on this, it should be logging in the default location, which all the docs and guides I've found say is /var/log/fail2ban.log, but no log file is there.
There have been many of the usual probes on dovecot since setting fail2ban up including many from repeat IPs, so it's not like fail2ban has had nothing to do.
How can I investigate why fail2ban has not got any log file and appears to be failing to log? Searches uncovered a few people posting about similar problems on a few forums but no solutions I could see.
logs fail2ban
asked Jan 10 '17 at 15:29
user568458user568458
11815
I've set up fail2ban on a centos VPS used for a few mail accounts among other things and want to check that everything is running smoothly. According to fail2ban-client status everything is running as expected on dovecot, exim, and ssh, but there's no log file in the expected place (/var/log/fail2ban.log), and find / -name fail2ban.log finds nothing.
fail2ban-client get loglevel returns Current logging level is 'INFO', and fail2ban-client get logtarget returns Current logging target is:- SYSLOG. Based on this, it should be logging in the default location, which all the docs and guides I've found say is /var/log/fail2ban.log, but no log file is there.
There have been many of the usual probes on dovecot since setting fail2ban up including many from repeat IPs, so it's not like fail2ban has had nothing to do.
How can I investigate why fail2ban has not got any log file and appears to be failing to log? Searches uncovered a few people posting about similar problems on a few forums but no solutions I could see.
logs fail2ban
logs fail2ban
asked Jan 10 '17 at 15:29
user568458user568458
11815
asked Jan 10 '17 at 15:29
user568458user568458
11815
edited Jan 10 '17 at 15:49
user568458
asked Jan 10 '17 at 15:29
user568458user568458
11815
asked Jan 10 '17 at 15:29
user568458user568458
11815
asked Jan 10 '17 at 15:29
user568458user568458
11815
11815
2
The location of the log depends on yoursyslogimplementation and configuration. Did you look in/var/log/messageswhich is now the most common place. Note that troubleshootingfail2banis not an easy task unless you make a good effort in understanding how it works.
– Julie Pelletier
Jan 10 '17 at 15:35
Which CentOS version do you use? Does it includesystemd?
– Tombart
Jan 10 '17 at 15:38
I don't have a/var/log/messagesdirectory, and a system-widefinddidn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place.rpm --query centos-releasegivescentos-release-6-7.el6.centos.12.3.x86_64, no systemd
– user568458
Jan 10 '17 at 15:41
/var/log/messagesis a file, not a directory. can you paste the contents of/var/log?
– schaiba
Jan 10 '17 at 15:43
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47
|
show 1 more comment
2
The location of the log depends on yoursyslogimplementation and configuration. Did you look in/var/log/messageswhich is now the most common place. Note that troubleshootingfail2banis not an easy task unless you make a good effort in understanding how it works.
– Julie Pelletier
Jan 10 '17 at 15:35
Which CentOS version do you use? Does it includesystemd?
– Tombart
Jan 10 '17 at 15:38
I don't have a/var/log/messagesdirectory, and a system-widefinddidn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place.rpm --query centos-releasegivescentos-release-6-7.el6.centos.12.3.x86_64, no systemd
– user568458
Jan 10 '17 at 15:41
/var/log/messagesis a file, not a directory. can you paste the contents of/var/log?
– schaiba
Jan 10 '17 at 15:43
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47
2
2
The location of the log depends on your
syslog implementation and configuration. Did you look in /var/log/messages which is now the most common place. Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.– Julie Pelletier
Jan 10 '17 at 15:35
The location of the log depends on your
syslog implementation and configuration. Did you look in /var/log/messages which is now the most common place. Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.– Julie Pelletier
Jan 10 '17 at 15:35
Which CentOS version do you use? Does it include
systemd?– Tombart
Jan 10 '17 at 15:38
Which CentOS version do you use? Does it include
systemd?– Tombart
Jan 10 '17 at 15:38
I don't have a
/var/log/messages directory, and a system-wide find didn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place. rpm --query centos-release gives centos-release-6-7.el6.centos.12.3.x86_64, no systemd– user568458
Jan 10 '17 at 15:41
I don't have a
/var/log/messages directory, and a system-wide find didn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place. rpm --query centos-release gives centos-release-6-7.el6.centos.12.3.x86_64, no systemd– user568458
Jan 10 '17 at 15:41
/var/log/messages is a file, not a directory. can you paste the contents of /var/log ?– schaiba
Jan 10 '17 at 15:43
/var/log/messages is a file, not a directory. can you paste the contents of /var/log ?– schaiba
Jan 10 '17 at 15:43
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47
|
show 1 more comment
2 Answers
2
active
oldest
votes
The location of the log depends on your syslog implementation and configuration.
/var/log/messages is the most common place.
Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
add a comment |
If you want your Fail2ban to write logs to: /var/log/fail2ban.log
Open the
/etc/fail2ban/fail2ban.conffileChange the line:
logtarget = SYSLOGtologtarget = /var/log/fail2ban.logrestart fail2ban service
Fail2ban will start writing logs to the /var/log/fail2ban.log file.
edited Mar 12 at 10:46
dKen
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f336341%2ffail2ban-is-running-but-no-fail2ban-log-log-file-exists-for-it%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The location of the log depends on your syslog implementation and configuration.
/var/log/messages is the most common place.
Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
add a comment |
The location of the log depends on your syslog implementation and configuration.
/var/log/messages is the most common place.
Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
add a comment |
The location of the log depends on your syslog implementation and configuration.
/var/log/messages is the most common place.
Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
The location of the log depends on your syslog implementation and configuration.
/var/log/messages is the most common place.
Note that troubleshooting fail2ban is not an easy task unless you make a good effort in understanding how it works.
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
answered Jan 10 '17 at 16:10
Julie PelletierJulie Pelletier
6,99011340
6,99011340
add a comment |
add a comment |
If you want your Fail2ban to write logs to: /var/log/fail2ban.log
Open the
/etc/fail2ban/fail2ban.conffileChange the line:
logtarget = SYSLOGtologtarget = /var/log/fail2ban.logrestart fail2ban service
Fail2ban will start writing logs to the /var/log/fail2ban.log file.
edited Mar 12 at 10:46
dKen
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
add a comment |
If you want your Fail2ban to write logs to: /var/log/fail2ban.log
Open the
/etc/fail2ban/fail2ban.conffileChange the line:
logtarget = SYSLOGtologtarget = /var/log/fail2ban.logrestart fail2ban service
Fail2ban will start writing logs to the /var/log/fail2ban.log file.
edited Mar 12 at 10:46
dKen
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
add a comment |
If you want your Fail2ban to write logs to: /var/log/fail2ban.log
Open the
/etc/fail2ban/fail2ban.conffileChange the line:
logtarget = SYSLOGtologtarget = /var/log/fail2ban.logrestart fail2ban service
Fail2ban will start writing logs to the /var/log/fail2ban.log file.
edited Mar 12 at 10:46
dKen
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
If you want your Fail2ban to write logs to: /var/log/fail2ban.log
Open the
/etc/fail2ban/fail2ban.conffileChange the line:
logtarget = SYSLOGtologtarget = /var/log/fail2ban.logrestart fail2ban service
Fail2ban will start writing logs to the /var/log/fail2ban.log file.
edited Mar 12 at 10:46
dKen
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
edited Mar 12 at 10:46
dKen
1034
edited Mar 12 at 10:46
dKen
1034
edited Mar 12 at 10:46
dKen
1034
1034
answered Sep 12 '17 at 21:29
NCodeNCode
315
answered Sep 12 '17 at 21:29
NCodeNCode
315
answered Sep 12 '17 at 21:29
NCodeNCode
315
315
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f336341%2ffail2ban-is-running-but-no-fail2ban-log-log-file-exists-for-it%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
The location of the log depends on your
syslogimplementation and configuration. Did you look in/var/log/messageswhich is now the most common place. Note that troubleshootingfail2banis not an easy task unless you make a good effort in understanding how it works.– Julie Pelletier
Jan 10 '17 at 15:35
Which CentOS version do you use? Does it include
systemd?– Tombart
Jan 10 '17 at 15:38
I don't have a
/var/log/messagesdirectory, and a system-widefinddidn't find it, so I'm pretty sure it's not being created, rather than I'm looking in the wrong place.rpm --query centos-releasegivescentos-release-6-7.el6.centos.12.3.x86_64, no systemd– user568458
Jan 10 '17 at 15:41
/var/log/messagesis a file, not a directory. can you paste the contents of/var/log?– schaiba
Jan 10 '17 at 15:43
@schaiba Oops, yes I do have that file and it does contain fail2ban logging messages. Looks like I was simply looking at out-of-date docs and discussions that all talked about a standalone fail2ban.log file, /var/log/messages is the answer
– user568458
Jan 10 '17 at 15:47