linux - Fail2ban is not working but fail2ban regex matched - Stack Overflow


The fail2ban service is not working but the regex matches...

That's my config:

sudo nano /etc/fail2ban/filter.d/login_eiren_studio.conf

[Definition]
datepattern =\[%%Y-%%m-%%d\s%%H:%%M:%%S\s%%z\]
failregex =^\s\|\sIP:\s<HOST>\s.*$
ignoreregex =

sudo nano /etc/fail2ban/jail.local

[login_eiren_studio]
enabled = true
filter = login_eiren_studio
logpath = /var/www/openvscode/proyectos/login.eiren.studio/logs/badauth.log
maxretry = 5
bantime = 3600
findtime = 600

and the logs...

[2025-01-02 12:43:58 +0100] | IP: 85.87.24.22 | Dispositivo: Windows 10 | Navegador: Chrome 131.0.0.0 | Usuario: intento de login: [email protected] | Mensaje: Error: El usuario existe pero la contraseña no es correcta.
[2025-01-02 12:52:18 +0100] | IP: 85.87.24.22 | Dispositivo: Windows 10 | Navegador: Chrome 131.0.0.0 | Usuario: intento de login: [email protected] | Mensaje: Error: El usuario existe pero la contraseña no es correcta.

When I try with fail2ban-regex, it matches the logs (image).

But when I put fail2ban-client status login_eiren_studio I've got 0 failed auths; my timezone is Europe/Madrid on my computer and in the logs too (image).

Nothing in the fail2ban logs; I've got it configured as default (root) and I have read permissions on the logs.

Any ideas? Thx ;)

asked Jan 2 at 12:06, edited Jan 2 at 12:13, by Eiren Studio

  • Please read the descriptions of the tags you want to apply first! As a new user here, also take the tour and read How to Ask. Your Q would also be better off at e.g. superuser.com, because it is not about programming. Study their site guidelines first though, don't blindly post the same Q there. – Ulrich Eckhardt, commented Jan 2 at 12:32

2 Answers

On Ubuntu/Debian the default backend is now systemd, and to process files you probably need to add backend = polling in your jail configuration.

I can also confirm that as of Ubuntu 24.04.2 LTS the default fail2ban configuration of backend = systemd does not seem to work properly for jails monitoring external log files, for example postfix-sasl. After adding backend = auto to all jails in /etc/fail2ban/jail.local, bans immediately started to appear in /var/log/fail2ban.log.
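A check for the condition both answers describe, as an added example that is not part of either answer and not fail2ban's own code: it merges jail configuration texts in override order and reports enabled jails that set logpath while their effective backend is systemd. The sample configs are constructed, the function names are hypothetical, and it assumes backend is written as a literal value (fail2ban's %(...)s interpolation is not resolved).

```python
import configparser

# Constructed sample: a distribution-style default that selects systemd,
# followed by the jail from the question and two comparison jails.
SAMPLE_DEFAULTS = """
[DEFAULT]
backend = systemd
"""

SAMPLE_JAIL_LOCAL = """
[login_eiren_studio]
enabled = true
filter = login_eiren_studio
logpath = /var/www/openvscode/proyectos/login.eiren.studio/logs/badauth.log
maxretry = 5

[sshd]
enabled = true

[postfix-sasl]
enabled = true
logpath = /var/log/mail.log
backend = polling
"""

def load_jails(*config_texts):
    """Merge config texts in order; later texts override earlier ones."""
    # interpolation=None keeps fail2ban-style %(name)s values as raw text.
    parser = configparser.ConfigParser(interpolation=None)
    for text in config_texts:
        parser.read_string(text)
    return parser

def jails_ignoring_logpath(parser):
    """Return enabled jails that set logpath while the effective backend is systemd."""
    flagged = []
    for name in parser.sections():  # [DEFAULT] is inherited, not listed
        jail = parser[name]
        if not jail.getboolean("enabled", fallback=False):
            continue
        backend = jail.get("backend", "auto").strip().lower()
        if backend.startswith("systemd") and jail.get("logpath", "").strip():
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    merged = load_jails(SAMPLE_DEFAULTS, SAMPLE_JAIL_LOCAL)
    for jail in jails_ignoring_logpath(merged):
        print(f"{jail}: logpath is set but backend is systemd; set backend = polling or auto")
```

On a real host, pass the contents of the jail files in the order fail2ban reads them so that later files override earlier ones.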
