>> First, there is fail2ban. I configured >> /etc/rsyslog.conf >> as follows: >> >> # fail2ban log >> local6.* /var/log/fail2ban.log >> >> and fail2ban.conf as follows: >> >> loglevel = 3 >> logtarget = SYSLOG >> syslog-facility = 22 >> syslog-target = /var/log/fail2ban.log >> >> fail2ban logs remotely, but instead of to the file specified above (I >> touched it), it logs to messages. What did I miss? > > Unfortunately, I don't know fail2ban. But some insight may be possible if > you > add > > *.* /var/log/debugfile;RSYSLOG_DebugFormat > > Then the debugfile will show us some details.
I could see nothing of use there. However, I did the same thing with this facility (local6) as I did with the one I was using for Cisco (local7), and interestingly, rsyslog kept on logging fail2ban messages, so I can only assume that even though I have the syslog-facility numeric code for local6 defined above (I also tried just typing "local6" with no difference), fail2ban is logging to a different facility. Unless somebody here can see something obvious I'm doing wrong, I guess this is a question for the fail2ban lists. Thanks! _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
