Unable to start Intrusion Detection

When I click the start button to enable intrusion detection, I get a progress wheel staying “please wait” for about 5 seconds, then the progess wheel goes away and I’m left with the same start button. Where can I find logfile info for this, for troubleshooting?

Try to check logs. Maybe there is an issue with a jail which is not configured or missing.

I checked the log before and after clicking on the start button for intrusion detection, and no additional lines were added to the log. Do I need to enable something in particular, like how I had to enable pjsip logging when I was having outbound issues?

Check logs in /var/log/asterisk/fail2ban …Etc
Or use console and try to run: fail2ban-client start

how do I use console? Or would it be easier to SSH into FreePBX?

You can use SSH or use Reports / Asterisk Logfiles check checking logs.
SSh to start F2B manually.


I didn’t realize I could choose the actual fail2ban logs in the reports section.

What’s the result of fail2ban-client status

If the file openvpn.conf is breaking F2B then try to create it.

/etc/fail2ban/filter.d/openvpn.conf
# Fail2Ban filter for OpenVPN rejections
#
#

[Definition]

failregex = ^ TLS Error: incoming packet authentication failed from [AF_INET]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR

ignoreregex =

Privileges :

ll /etc/fail2ban/filter.d/openvpn.conf
-rw-r--r-- 1 root root 356 Nov 29 23:07 /etc/fail2ban/filter.d/openvpn.conf

ERROR Unable to contact server. Is it running?

Nope.
So, add the missing file and run fail2ban-client start.

ok, just created the file, permissions are in accordance with what you specified. Now:

[root@freepbx filter.d]# fail2ban-client start
ERROR  No file(s) found for glob /var/log/openvpn.log
ERROR  Failed during configuration: Have not found any log file for openvpn jail

Then run touch /var/log/openvpn.log
Next fail2ban-client start.

lol, I was literally typing that thinking “how dumb am I?” when you responded to type that. It is up and running now. Thank you so much!

1 Like

Great.
Have a nice day.and Weekend.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.