LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-27-2014, 07:46 AM   #1
paulus89
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Rep: Reputation: Disabled
Fail2ban log empty


Dear All,

Why my fail2ban log keeps empty?

what I missed? .. what should I check?

anybody please help?

thanks a lot in advance

regards

Pau
 
Old 08-27-2014, 10:55 AM   #2
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,195
Blog Entries: 10

Rep: Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986
What does
Code:
sudo fail2ban-client status
report?
 
Old 08-31-2014, 10:05 PM   #3
paulus89
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Hello Habitual..

it shown

[root@proxy postfix]# sudo fail2ban-client status
Status
|- Number of jail: 7
`- Jail list: dovecot-auth, fail2ban, ssh-iptables, postfix-tcpwrapper, sasl, dovecot, ssh
[root@proxy postfix]#


what I missed?..

thanks a lot in advance

Pau
 
Old 09-01-2014, 08:52 AM   #4
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,195
Blog Entries: 10

Rep: Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986
Is there a /var/log/fail2ban.log file present?
Code:
ls -al /var/log/fail2ban.log
output please.

mine is owned by root:root and has 600 permissions
What fail2ban do you have installed?
Code:
fail2ban-client --version | head -1
output please.
Also how was it installed? Manually, or by repo?

Is it enforcing? Check it with
Code:
iptables -L fail2ban-SSH -n
Are there any entries in the output?

The fail2ban jail looks "funny". I have several fail2bans installed and I've never seen any fail2ban jail on any of them.

Please let us know.
 
Old 09-01-2014, 10:21 AM   #5
paulus89
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
Hello,

these are the results:

[root@proxy postfix]# ls -al /var/log/fail2ban.log
-rw-r--r-- 1 root root 0 Aug 26 10:19 /var/log/fail2ban.log

[root@proxy postfix]# fail2ban-client --version | head -1
Fail2Ban v0.8.11

[root@proxy postfix]# iptables -L fail2ban-SSH -n
Chain fail2ban-SSH (1 references)
target prot opt source destination
REJECT all -- 61.174.50.163 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 61.174.51.234 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 116.10.191.208 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 222.163.192.162 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 116.10.191.227 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 122.225.109.209 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 116.10.191.198 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 86.110.225.59 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 122.225.109.98 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 139.0.12.151 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 61.167.49.135 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 122.225.109.216 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 61.167.49.137 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 222.255.174.77 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 122.225.109.194 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 122.225.109.213 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 116.10.191.213 0.0.0.0/0 reject-with icmp-po rt-unreachable
REJECT all -- 116.10.191.216 0.0.0.0/0 reject-with icmp-po rt-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
[root@proxy postfix]#
 
Old 09-01-2014, 11:02 AM   #6
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,195
Blog Entries: 10

Rep: Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986
What is the value of
logtarget =
in /etc/fail2ban/fail2ban.conf ?
 
Old 09-01-2014, 11:25 PM   #7
paulus89
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
logtarget = SYSLOG


any idea?
 
Old 09-02-2014, 09:46 AM   #8
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,195
Blog Entries: 10

Rep: Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986
Paul,
Change that to
Code:
logtarget = /var/log/fail2ban.log
and restart the service.
 
1 members found this post helpful.
Old 09-02-2014, 08:35 PM   #9
paulus89
LQ Newbie
 
Registered: Jun 2014
Posts: 26

Original Poster
Rep: Reputation: Disabled
thanks! . it works
 
Old 09-03-2014, 01:22 PM   #10
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,195
Blog Entries: 10

Rep: Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986Reputation: 1986
You are very welcome.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] fail2ban.log and rsyslog Habitual Linux - Security 6 04-30-2014 04:52 PM
apache log file issue with fail2ban plisken Linux - Security 2 03-24-2014 06:30 PM
Fail2ban Log NotAComputerGuy Linux - Security 7 01-10-2013 08:17 PM
Fail2ban.log error. Havnt had before. :S dirtydog7655 Linux - Software 1 02-24-2011 04:55 PM
fail2ban log errors for ssh jail linuxlover.chaitanya Linux - Security 2 07-24-2010 08:01 AM


All times are GMT -5. The time now is 08:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration