I've installed fail2ban on a Debian Jessie LXC container; currently it's failing due to:
Starting authentication failure monitor: fail2ban
ERROR No file(s) found for glob /var/log/auth.log
ERROR Failed during configuration: Have not found any log file for ssh jail
There's no syslog or rsyslog on the system and thus /var/log/auth.log is not generated. Is there a way to tell fail2ban to use the output of journalctl _COMM=sshd?
Best Answer
For systemd systems:
You have to specify the backend in /etc/fail2ban/jail.conf to use systemd as follows:
Then restart fail2ban:
Edit:
I'm a heavy CentOS/RHEL/Fedora guy so you may have to adapt what I say a bit. As far as this answer, you may have to update the fail2ban package to a version that supports systemd as a backend or you'll have to install rsyslog and add the following to your /etc/rsyslog.conf:
This will make sure sshd auth logs are logging to /var/log/auth.log which will be read by the default pyinotify backend in fail2ban:
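
The systemd-backend setting the answer describes, written out as an added example; it is not the answerer's own snippet, which is missing from this page. The jail name sshd and the choice of jail.local instead of editing jail.conf are assumptions; the error above refers to the jail as ssh, so use whichever name your installed version defines.

```ini
# /etc/fail2ban/jail.local
# Local overrides; fail2ban reads this file after jail.conf, so package
# upgrades that replace jail.conf do not undo the change.
#
# Assumptions (not from the original answer):
#   - the installed fail2ban supports the systemd backend
#   - the SSH jail is named "sshd" (the error message in the question
#     calls it "ssh"; match the section name to your jail.conf)

[sshd]
enabled = true

# Read authentication failures from the systemd journal instead of
# globbing /var/log/auth.log, which does not exist without (r)syslog.
backend = systemd
```

After restarting fail2ban, `fail2ban-client status sshd` shows whether the jail started; if the "No file(s) found for glob" error is still logged, the running version is still using a file-based backend for that jail.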