On Monday, September 4, 2017 9:34 AM, Tony Collins <t...@evilplan.org.uk> wrote:
> Hi - ah, I think Fail2Ban isn't logging enough information [...] > You can check by running fail2ban-client get loglevel[...] root@messagerie[10.10.10.19] ~ # fail2ban-client get loglevel Current logging level is INFO root@messagerie[10.10.10.19] ~ # zgrep -i found /var/log/fail2ban.log* root@messagerie[10.10.10.19] ~ # Let's see if the setting is overriden somewhere ? root@messagerie[10.10.10.19] ~ # grep loglevel -r /etc/fail2ban/ /etc/fail2ban/fail2ban.conf:# loglevel = 4 /etc/fail2ban/fail2ban.conf:# Option: loglevel /etc/fail2ban/fail2ban.conf:# loglevel = 3 changé à 4 /etc/fail2ban/fail2ban.conf:# loglevel remis à 4. /etc/fail2ban/fail2ban.conf:loglevel = 3 /etc/fail2ban/filter.d/freeswitch.conf:# -- this requires a high enough loglevel on your logs to save these messages. /etc/fail2ban/jail.conf:# Make sure that your loglevel specified in fail2ban.conf/.local /etc/fail2ban/fail2ban.conf~:# loglevel = 4 /etc/fail2ban/fail2ban.conf~:# Option: loglevel /etc/fail2ban/fail2ban.conf~:# loglevel = 3 changé à 4 /etc/fail2ban/fail2ban.conf~:loglevel = 4 /etc/fail2ban/jail.conf~:# Make sure that your loglevel specified in fail2ban.conf/.local root@messagerie[10.10.10.19] ~ # There's only one entry that isn't commented, and that's loglevel = 3. Besides, changing the loglevel in jail.local seems to get ignored. Maybe the version of f2b I'm using is too old ? root@messagerie[10.10.10.19] ~ # fail2ban-client --version Fail2Ban v0.8.13 [...] root@messagerie[10.10.10.19] ~ # In any case, I decided to increment the loglevel to 4 and see if that helps, but I don't think this was a good idea : 2017-09-04 10:06:54,887 fail2ban.filter.datedetector[10631]: DEBUG Matched time template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,887 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,888 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,888 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,889 fail2ban.filter.datedetector[10631]: DEBUG Matched time template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,889 fail2ban.filter.datedetector[10631]: DEBUG Matched time template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,889 fail2ban.filter.datedetector[10631]: DEBUG Matched time template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,890 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,890 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,890 fail2ban.filter.datedetector[10631]: DEBUG Got time using template MONTH Day Hour:Minute:Second 2017-09-04 10:06:54,891 fail2ban.filter.datedetector[10631]: DEBUG Matched time template MONTH Day Hour:Minute:Second Look at the timestamps :) I would need 10 billion terrabytes of disk space to log every milisecond of activity. > I'm not sure if I'm sending this to the right address - I got two copies of > your reply[...] I made a reply to all, which sent a mail to your personal addresse plus a copy to the mailing list. Yassine. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
