I have installed fail2ban successfully but it does not keep logs.

sylarworld

Sep 20, 2023
Hello, forgive my bad English, it is not my first language.
I have installed fail2ban following the Proxmox guide. Everything works correctly and fail2ban blocks my login attempts if I make a mistake more than 5 times. But it doesn't keep any record of that activity for me:
[screenshot]

What could I be doing wrong?
This is my configuration:

[screenshots]
 
Your output shows your regex test on a logfile and then presumably part of your local jail.local config.
All being well, fail2ban will log everything including Bans/Unbans to /var/log/fail2ban.log. I believe you can/could configure logging to go to systemd journal. Check 'logtarget'.
To see activity since last fail2ban startup, you could try: fail2ban-client status sshd; fail2ban-client status proxmox
 
With the command you gave me I was able to see the fail2ban logs and all my failed authentication attempts.
[screenshot]
Since I followed the Proxmox manual, I was surprised that it did not show my failed attempts when I tried the command: fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf
 
Since I followed the Proxmox manual, I was surprised that it did not show my failed attempts when I tried the command: fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf
That will only show the number of matches. To print the matched lines themselves, add --print-all-matched.
Once set up, you use fail2ban-client (rather than fail2ban-regex) to administer a running fail2ban instance (e.g. manually add/remove blocked IPs).
You can see from your fail2ban-client output, the sshd jail is matching on journald whereas proxmox jail does so on the specified log file (I think).

When you post output from terminal sessions, consider pasting the text rather than screen captures. That way, you can sanitize the output and it becomes searchable by forum users ;)
 
The wiki seems not to be up to date.
For using fail2ban-regex with systemd as the backend use:
Bash:
fail2ban-regex systemd-journal /etc/fail2ban/filter.d/proxmox.conf
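
Added example, not part of any post in this thread: the replies above come down to testing a filter against the source its jail actually reads (the journal for a systemd backend, the log file otherwise) and adding --print-all-matched to see the matched lines. This sketch derives that command for each jail from a jail.local; the sample configuration is constructed, and the function name, the filter directory constant and the "filter defaults to the jail name" rule are assumptions of the example.

```python
import configparser
import shlex

# Constructed jail.local for illustration; not the poster's real configuration.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
backend = systemd

[sshd]
enabled = true

[proxmox]
enabled = true
filter = proxmox
backend = auto
logpath = /var/log/daemon.log
"""

FILTER_DIR = "/etc/fail2ban/filter.d"  # assumed standard filter location


def regex_test_commands(jail_local_text):
    """Return {jail: [fail2ban-regex command, ...]} where each command tests
    the jail's filter against the log source that jail is configured to read."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_local_text)
    commands = {}
    for jail in cp.sections():  # [DEFAULT] values are inherited by every jail
        opts = cp[jail]
        # Assumption: a jail without an explicit filter uses one named after it.
        filt = opts.get("filter", fallback=jail).split("[")[0]
        filter_file = f"{FILTER_DIR}/{filt}.conf"
        backend = opts.get("backend", fallback="auto").strip()
        if backend.startswith("systemd"):
            sources = ["systemd-journal"]  # journal-backed jail: no file to read
        else:
            sources = opts.get("logpath", fallback="").split()  # one per log file
        commands[jail] = [
            shlex.join(["fail2ban-regex", "--print-all-matched", src, filter_file])
            for src in sources
        ]
    return commands


if __name__ == "__main__":
    for jail, cmds in regex_test_commands(SAMPLE_JAIL_LOCAL).items():
        for cmd in cmds:
            print(f"{jail}: {cmd}")
```

A jail that comes back with an empty command list has neither a systemd backend nor a logpath, so there is nothing for fail2ban-regex to read.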
 
