fail2ban with action = %(action_mwl)s not including log lines
All,
I've posted to the forum, but haven't received any suggestions https://bbs.archlinux.org/viewtopic.php?pid=2190182#p2190182
The title says it all. When fail2ban is configured to include log lines in the e-mail it sends when a ban is triggered, no log lines are included. The whois info is included, but not the log lines.
Does anybody have this working? Does this need a bug report to have something tweaked to work with the journal on Arch?
--
David C. Rankin, J.D.,P.E.
On 8/16/24 11:45 PM, David C. Rankin wrote:
> All,
> I've posted to the forum, but haven't received any suggestions https://bbs.archlinux.org/viewtopic.php?pid=2190182#p2190182
> The title says it all. When fail2ban is configured to include log lines in the e-mail it sends when a ban is triggered, no log lines are included. The whois info is included, but not the log lines.
> Does anybody have this working? Does this need a bug report to have something tweaked to work with the journal on Arch?
Well, I have it solved after an extended discussion with the very helpful fail2ban maintainer. There are additional steps required for fail2ban to report the log lines (journal entries) with systemd not covered in the wiki. The configuration needed with Arch is covered in the answer to the bbs post: https://bbs.archlinux.org/viewtopic.php?id=298572
The notification e-mail now includes the relevant log entries, which is a welcome convenience. The bbs thread also contains links to the GitHub discussion with the maintainer that includes additional tips and tricks that simplify testing your config with fail2ban.
--
David C. Rankin, J.D.,P.E.