I am trying to configure fail2ban to ban people from ftp (running vsftpd).

I can not get it to work and in my troubleshooting I noticed that nothing is being written to my /var/log/vsftpd.log file.

I have this in my vsftpd.conf file:

xferlog_file=/var/log/xferlog
vsftpd_log_file=/var/log/vsftpd.log


man pages say this is how to set the logfile, anyone have any ideas why this would not be working?

Log in attempts are logged in /var/log/secure. So you need to set your log path for fail2ban to /var/log/secure. The xferlog records what files transfer. I am not sure what vstfpd.log records--but I believe it is optional as a way to break down what xferlog records. Not sure how to redirect what log file is used for log in attempts--not sure that you would want to combine them with the other logs either. If anything you would want to setup a separate log file to record ftp login attempts.

Hmm.. Seems like vsftpd was logging to /var/log/vsftpd.log

Here is the currect contents of the file:

Wed Jan 2 17:17:42 2008 [pid 25713] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:17:42 2008 [pid 25712] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:00 2008 [pid 25742] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:00 2008 [pid 25741] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:17 2008 [pid 25745] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:17 2008 [pid 25744] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:30 2008 [pid 25747] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:30 2008 [pid 25746] [joe] FAIL LOGIN: Client "x.x.x.x"


I dont know why it would have stopped?!!??!

This looks like the syntax fail2ban would need, correct?