SNG 7 Why Two Active fail2ban Logs? How to fix?

Is there a fail2ban guru out there?

With current SNG7 I have 2 active fail2ban logs:

  • /var/log/fail2ban.log - written by fail2ban process
  • /var/log/asterisk/fail2ban - written by asterisk

fail2ban is configured to write to /var/log/fail2ban.log
/etc/asterisk/logger_logfiles_additional.conf allows me to set the log level, but it is obviously writing to /var/log/asterisk/fail2ban.

With “ps aux | grep fail2ban” I only see one instance of fail2ban running, so I am confused why I have 2 logs and 2 places to set log level. Should I modify logtarget with fail2ban-client to /var/log/asterisk/fail2ban so I only have 1 log?

Also (sorry for 2 questions in one post) – Changing GUI Sys Admin > Intrusion Detection overwrites /etc/fail2ban/jail.local for most jails but does not change recidive. Is there any way to increase the findtime and bantime for the recidive jail?

Thanks!

At the top of the jail.conf file you will find

# Fail2Ban jail base specification file
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwitten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [ssh-iptables]
# enabled = true

Chances are you have defined asterisk jails in this file (the old-fashioned way) and also in jail.local (the new-fashioned way) or possibly in the jail.d/ ‘drop directory’ (the recommended way).
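One way to check what the reply above suggests, as an added example that is not part of the original thread or of fail2ban itself: list every jail that is defined in more than one file and show which file supplies the winning value for a setting such as logpath, findtime or bantime. It assumes the read order documented in man 5 jail.conf (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local, later files overriding earlier ones); the sample tree and the jail name asterisk-demo are constructed.

```python
import configparser
import glob
import os
import tempfile

# Constructed sample tree; "asterisk-demo" is a made-up jail name.
SAMPLE = {
    "jail.conf": "[DEFAULT]\nbantime = 600\n[recidive]\nfindtime = 86400\n"
                 "[asterisk-demo]\nlogpath = /var/log/asterisk/full\n",
    "jail.local": "[asterisk-demo]\nlogpath = /var/log/asterisk/fail2ban\n",
    "jail.d/recidive.local": "[recidive]\nbantime = 604800\n",
}

def read_order(cfg):
    """Existing files in jail.conf(5) order; later files override earlier ones."""
    pats = ("jail.conf", "jail.d/*.conf", "jail.local", "jail.d/*.local")
    return [p for pat in pats for p in sorted(glob.glob(os.path.join(cfg, pat)))]

def jail_sources(cfg):
    """Map section name -> [(file, {key: value})] in read order."""
    found = {}
    for path in read_order(cfg):
        # Keep [DEFAULT] as an ordinary section and leave %(name)s uninterpolated.
        cp = configparser.ConfigParser(default_section="__unused__",
                                       interpolation=None, strict=False)
        cp.read(path)
        for sec in cp.sections():
            found.setdefault(sec, []).append((os.path.relpath(path, cfg), dict(cp[sec])))
    return found

def overlapping(cfg):
    """Jails defined in more than one file."""
    return {j: [f for f, _ in s] for j, s in jail_sources(cfg).items()
            if j not in ("DEFAULT", "INCLUDES") and len(s) > 1}

def effective(cfg, jail, key):
    """(value, file) that wins for a jail setting, falling back to [DEFAULT]."""
    src = jail_sources(cfg)
    for sec in (jail, "DEFAULT"):
        for f, vals in reversed(src.get(sec, [])):
            if key in vals:
                return vals[key], f
    return None, None

def make_sample():
    cfg = tempfile.mkdtemp()
    os.mkdir(os.path.join(cfg, "jail.d"))
    for name, text in SAMPLE.items():
        with open(os.path.join(cfg, name), "w") as fh:
            fh.write(text)
    return cfg
```

On a real system, call overlapping("/etc/fail2ban") and effective("/etc/fail2ban", "recidive", "bantime") to see which file each value comes from.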
