No logs for fail2ban?

[Chris1]

I'm just wondering how I can start logging activity in Fail2Ban. I've got the following line in the "logs" tab in "IP Address Banning" in the Plesk UI:

/var/log/fail2ban.log

However when I check this it states "The file is empty".

I'm assuming there will be a setting somewhere that tells fail2ban to log to that file but I'm not sure where/what it is?

I know for sure that I've had IP's banned but they just don't appear to be logged.

Any help would be much appreciated.

Kind regards,
Chris

 

[Alexey.Plotnitsky]

Chris,

Perhaps fail2ban is not started yet? Please check it below:
View attachment 9445

 

[Chris1]

Hello,

Thank you for the reply.

This is switched on, fail2ban is certainly working as I receive emails when IP's get banned. Nothing goes into the log file though.

 

[Alexey.Plotnitsky]

Thanks, I will inform Plesk devs

 

[UFHH01]

Hi Chris1,

your fail2ban configuration is located at: /etc/fail2ban

... and the initial configuration is defined at "/etc/fail2ban/fail2ban.conf" - where you will find as well the configuration line: "logtarget = /var/log/fail2ban.log". You will find as well the log - level definition, which might be changed, if you experience issues/problems, so that the output is more detailed ( I would suggest the "loglevel = 3" = INFO ).

To see if fail2ban started as expected and runs in the background, you could use the command:

service fail2ban status​

 

[Chris1]

Hi Chris1,

your fail2ban configuration is located at: /etc/fail2ban

... and the initial configuration is defined at "/etc/fail2ban/fail2ban.conf" - where you will find as well the configuration line: "logtarget = /var/log/fail2ban.log". You will find as well the log - level definition, which might be changed, if you experience issues/problems, so that the output is more detailed ( I would suggest the "loglevel = 3" = INFO ).

To see if fail2ban started as expected and runs in the background, you could use the command:

service fail2ban status​

Hi UFHH01,

I've checked my fail2ban.conf file and I have the following:

loglevel =3
logtarget = /var/log/fail2ban.log

I get the following result when I run "service fail2ban status":

fail2ban-server (pid 1395) is running...
Status
|- Number of jail: 11
`- Jail list: plesk-apache-badbot, recidive, ssh-iptables, plesk-roundcube, plesk-panel, plesk-apache, plesk-courierimap, wordpress, plesk-postfix, plesk-horde, plesk-proftpd

My server banned an IP for trying to log into FTP too many times but still nothing in fail2ban.log.

 

[UFHH01]

Hi Chris1,

... a bit strange... I have to admit.

For the developpers from Parallels, you might include your operating system and Plesk version ( incl. MU )... just to make them happy, if they would like to try to reproduce the issue.


As a work - around I would suggest to re-install your Fail2Ban extension with the command:

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --remove-component fail2ban
mv /etc/fail2ban /etc/fail2ban.backup
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component fail2ban

... and activate the desired jails again over the Plesk Control Panel afterwards.

​

The command "service fail2ban restart" should normally lead to reset all jails and reset the iptaples - configuration from fail2ban and as well to write all to the defined log ( depending on the log - level ).

 

[Chris1]

Hi there,

It looks like I've resolved the issue, thank you.

My log target was set to something else before I changed it to "/var/log/fail2ban.log" and I thought I had restarted fail2ban since then but apparently not.

I appreciate your assistance.

Kind regards,
Chris