Using rsyslog on 5.8.6 on my Client, I can't seem to get /var/log/fail2ban.log from the client over to my rsyslogd 7.6.3 Server.
Fail2ban on the client is v0.8.6
in /etc/fail2ban/fail2ban.conf
Code:
# Fail2Ban configuration file
[Definition]
loglevel = 3
logtarget = SYSLOG
syslog-facility = 22
syslog-target = /var/log/fail2ban.log
in /etc/rsyslog.conf I set:
Code:
# 04/30/2014 11:44:50 AM
$ModLoad imfile
# File /var/log/fail2ban.log
$InputFileName /var/log/fail2ban.log
$InputFileTag c9mail_fail2ban
$InputFileStateFile state-fail2ban-entries
$InputFileSeverity severity
$InputFileFacility facility
$InputRunFileMonitor
*.* @<ip>:514
This gives me fail2ban* files on the rsyslog host-server:
Code:
fail2ban.filter.log
fail2ban.jail.log
fail2ban.server.log
But there's no record of any IPs that are banned.
I tried setting one manually using fail2ban-client using
Code:
fail2ban-client set zimbra banip 46.201.148.246
but this barfs with
Code:
WARNING 'socket' not defined in 'Definition'. Using default value
46.201.148.246
I "may" have to wait for fail2ban to do a ban automatically to see /var/log/firewall.log populated.
I have bounced rsyslogd and fail2ban during this time and it has made little difference.
So, is there something I have missed?
Thanks!