• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

No logs for fail2ban?

Chris1

Chris1

Regular Pleskian
I'm just wondering how I can start logging activity in Fail2Ban. I've got the following line in the "logs" tab in "IP Address Banning" in the Plesk UI:

/var/log/fail2ban.log

However when I check this it states "The file is empty".

I'm assuming there will be a setting somewhere that tells fail2ban to log to that file but I'm not sure where/what it is?

I know for sure that I've had IP's banned but they just don't appear to be logged.

Any help would be much appreciated.

Kind regards,
Chris
 
Hello,

Thank you for the reply.

This is switched on, fail2ban is certainly working as I receive emails when IP's get banned. Nothing goes into the log file though.
 
Hi Chris1,

your fail2ban configuration is located at: /etc/fail2ban

... and the initial configuration is defined at "/etc/fail2ban/fail2ban.conf" - where you will find as well the configuration line: "logtarget = /var/log/fail2ban.log". You will find as well the log - level definition, which might be changed, if you experience issues/problems, so that the output is more detailed ( I would suggest the "loglevel = 3" = INFO ).

To see if fail2ban started as expected and runs in the background, you could use the command:

service fail2ban status
 
UFHH01 said:
Hi Chris1,

your fail2ban configuration is located at: /etc/fail2ban

... and the initial configuration is defined at "/etc/fail2ban/fail2ban.conf" - where you will find as well the configuration line: "logtarget = /var/log/fail2ban.log". You will find as well the log - level definition, which might be changed, if you experience issues/problems, so that the output is more detailed ( I would suggest the "loglevel = 3" = INFO ).

To see if fail2ban started as expected and runs in the background, you could use the command:

service fail2ban status
Click to expand...

Hi UFHH01,

I've checked my fail2ban.conf file and I have the following:

loglevel =3
logtarget = /var/log/fail2ban.log

I get the following result when I run "service fail2ban status":

fail2ban-server (pid 1395) is running...
Status
|- Number of jail: 11
`- Jail list: plesk-apache-badbot, recidive, ssh-iptables, plesk-roundcube, plesk-panel, plesk-apache, plesk-courierimap, wordpress, plesk-postfix, plesk-horde, plesk-proftpd

My server banned an IP for trying to log into FTP too many times but still nothing in fail2ban.log.
 
Hi Chris1,

... a bit strange... I have to admit.

For the developpers from Parallels, you might include your operating system and Plesk version ( incl. MU )... just to make them happy, if they would like to try to reproduce the issue.


As a work - around I would suggest to re-install your Fail2Ban extension with the command:

/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --remove-component fail2ban
mv /etc/fail2ban /etc/fail2ban.backup
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --install-component fail2ban

... and activate the desired jails again over the Plesk Control Panel afterwards.

The command "service fail2ban restart" should normally lead to reset all jails and reset the iptaples - configuration from fail2ban and as well to write all to the defined log ( depending on the log - level ).
 
Hi there,

It looks like I've resolved the issue, thank you.

My log target was set to something else before I changed it to "/var/log/fail2ban.log" and I thought I had restarted fail2ban since then but apparently not.

I appreciate your assistance.

Kind regards,
Chris
 
You must log in or register to reply here.

Similar threads

andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
975
andreios
andreios
W
Question How to Prevent High Connection Counts Causing High Memory Usage (Possible DDoS?)
Replies
7
Views
2K
Bitpalast
Bitpalast
R
Issue UFW turned off and Fail2Ban suddenly completely missing from Plesk Panel -- Very Concerning
Replies
4
Views
2K
regenix
R
A
Question Fail2Ban capture and ban IP, connection still being made
Replies
8
Views
2K
Bitpalast
Bitpalast
A
Issue Problems with fail2ban
Replies
1
Views
1K
Kaspar@Plesk
Kaspar@Plesk
Back
Top