- /var/log/fail2ban.log - written by fail2ban process
- /var/log/asterisk/fail2ban - written by asterisk
fail2ban is configured to write to /var/log/fail2ban.log
/etc/asterisk/logger_logfiles_additional.conf allows me to set the log level, but it is obviously writing to /var/log/asterisk/fail2ban.
With “ps aux | grep fail2ban” I only see one instance of fail2ban running, so I am confused why I have 2 logs and 2 places to set log level. Should I modify logtarget with fail2ban-client to /var/log/asterisk/fail2ban so I only have 1 log?
Also (sorry for 2 questions in one post) – Changing GUI Sys Admin > Intrusion Detection overwrites /etc/fail2ban/jail.local for most jails but does not change recidive. Is there any way to increase the findtime and bantime for the recidive jail?
# Fail2Ban jail base specification file
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwitten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [ssh-iptables]
# enabled = true
Chances are you have defined asterisk jails in this file (the old-fashioned way) and also in jail.local (the new-fashioned way) or possibly in the jail.d/ ‘drop directory’ (the recommended way).
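One way to check for a jail defined in more than one place, as an added example that is not part of the thread: the script reads the jail files in the order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local) and reports which file supplies each effective value. The sample tree and its values are constructed, and `[INCLUDES]` before/after directives are not followed.

```python
import configparser, glob, os, tempfile

KEYS = ("enabled", "bantime", "findtime", "logpath")

def load_order(confdir):
    """Existing jail files in jail.conf(5) read order; later files win."""
    j = lambda *p: os.path.join(confdir, *p)
    files = [j("jail.conf")] + sorted(glob.glob(j("jail.d", "*.conf")))
    files += [j("jail.local")] + sorted(glob.glob(j("jail.d", "*.local")))
    return [f for f in files if os.path.isfile(f)]

def audit(confdir, keys=KEYS):
    """Map each section to the files defining it and, per key, (value, winning file)."""
    report = {}
    for path in load_order(confdir):
        # default_section is renamed so [DEFAULT] is reported like any other
        # section and has_option() only sees keys written in that section.
        cp = configparser.RawConfigParser(strict=False, default_section="__unused__")
        cp.read(path)
        rel = os.path.relpath(path, confdir)
        for sec in cp.sections():
            entry = report.setdefault(sec, {"files": []})
            entry["files"].append(rel)
            for key in keys:
                if cp.has_option(sec, key):
                    entry[key] = (cp.get(sec, key), rel)
    return report

def duplicates(report):
    """Sections defined in more than one file."""
    return sorted(s for s, e in report.items() if len(e["files"]) > 1)

def build_sample(root):
    """Write a constructed config tree (illustrative values, not from the thread)."""
    os.makedirs(os.path.join(root, "jail.d"))
    samples = {
        "jail.conf": "[DEFAULT]\nbantime = 600\n[recidive]\nenabled = true\n"
                     "bantime = 604800\nfindtime = 86400\n",
        "jail.local": "[recidive]\nbantime = 1800\n[ssh-iptables]\nenabled = true\n",
        os.path.join("jail.d", "recidive.local"):
                     "[recidive]\nbantime = 2592000\nfindtime = 604800\n",
    }
    for name, text in samples.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)  # on a real host, call audit("/etc/fail2ban") instead
        rep = audit(tmp)
        for sec in duplicates(rep):
            print(sec, rep[sec])
```

In the sample, the recidive values in jail.d/recidive.local win over both jail.conf and jail.local because that file is read last.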