• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Fail2Ban logging

ulitre

New Pleskian
I am running Fail2Ban on several CentOS 6 containers with several active jails (apache-noscripts, plesk-apache etc.). The Fail2Ban.log provides the IP address which was banned; however, what I would like to see is which subscription the offender hit so that I can quickly open that specific subscription’s error_log and determine the activity associated with the banned IP address prior to the ban action. Is this possible (as it is not feasible to open 75+ error logs searching for a Banned IP address each time I would like to investigate further)?

Error logs for each subscription are being checked, so it seems there should be a way to have this information displayed in the fail2ban.log or elsewhere.
fail2ban.filter [1170]: INFO Added logfile = /var/www/vhosts/system/example.com/logs/error_log

I have been looking for an answer to this for sometime. Any help is appreciated.
 
I am running Fail2Ban on CentOS 6.6 with several jails (apache-noscripts, plesk-apache etc.). The Fail2Ban checks the access and error logs for each subscription and successfully reports the IP Addresses which are being banned.

Is there a way to force reporting of the subscription being attacked by each offending IP address? I would like to be able to quickly identify which subscription was attacked by a specific IP to enable me to investigate that subscription's log files. Without this information I am forced to search individual subscription logs hoping to find the right log which is not feasible.
 
Back
Top