What is the correct setup for fail2ban?

I notice we are in the Distro list here. How did you install fail2ban? They have an rpm for that.

Running: fail2ban-regex /var/log/asterisk/fail2ban /etc/fail2ban/filter.d/asterisk-security.conf I get

Running tests

Use regex file : /etc/fail2ban/filter.d/asterisk-security.conf
Use log file : /var/log/asterisk/fail2ban

Results

Failregex: 0 total

Ignoreregex: 0 total

Summary

Sorry, no match

Look at the above section ‘Running tests’ which could contain important
information.

I installed fail2ban using “yum -y fail2ban”.

Running: fail2ban-regex /var/log/asterisk/fail2ban /etc/fail2ban/filter.d/asterisk.conf I get

Failregex: 18 total
|- #) [# of hits] regular expression
|  1) [6] NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - Wrong password
|  3) [12] NOTICE.* .*: Registration from '.*' failed for '<HOST>:.*' - No matching peer found
`-

Ignoreregex: 0 total

Summary
=======

Addresses found:
[1]
    192.168.5.103 (Fri Jun 20 17:23:42 2014)
    192.168.5.103 (Fri Jun 20 17:23:51 2014)
    192.168.5.103 (Fri Jun 20 17:23:59 2014)
    192.168.5.103 (Fri Jun 20 17:24:14 2014)
    192.168.5.103 (Fri Jun 20 17:24:38 2014)
    192.168.5.103 (Fri Jun 20 17:24:52 2014)
[3]
    50.97.94.23 (Fri Jun 20 17:20:44 2014)
    50.97.94.23 (Fri Jun 20 17:20:44 2014)
    198.15.96.194 (Fri Jun 20 17:20:53 2014)
    198.15.96.194 (Fri Jun 20 17:20:53 2014)
    113.11.254.211 (Fri Jun 20 17:22:00 2014)
    113.11.254.211 (Fri Jun 20 17:22:00 2014)
    50.97.94.23 (Fri Jun 20 17:31:43 2014)
    50.97.94.23 (Fri Jun 20 17:31:43 2014)
    50.97.232.161 (Fri Jun 20 17:36:55 2014)
    50.97.232.161 (Fri Jun 20 17:36:55 2014)
    50.97.94.23 (Fri Jun 20 17:41:44 2014)
    50.97.94.23 (Fri Jun 20 17:41:44 2014)

Date template hits:
4000 hit(s): Year-Month-Day Hour:Minute:Second

Success, the total number of match is 18

However, look at the above section 'Running tests' which could contain important
information.

It appears to be working, and when maxretry is hit within findtime in whatever jail, /var/log/fail2ban.log should inform you as much. Now add SECURITY to your logfile for more hits.
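As an added illustration (not code from the thread or from fail2ban itself) of what the reply above means by "maxretry within findtime": the script below applies the two asterisk.conf failregex patterns that matched in the fail2ban-regex run, with fail2ban's <HOST> tag simplified to an IPv4 capture, to a constructed sample of /var/log/asterisk/fail2ban and reports which hosts would be banned under a given maxretry/findtime.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The two failregex patterns reported as matching in the fail2ban-regex run,
# with fail2ban's <HOST> tag expanded to a plain IPv4 capture group
# (assumption: fail2ban's real <HOST> also matches hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [
    re.compile(r"NOTICE.* .*: Registration from '.*' failed for '" + HOST + r":.*' - Wrong password"),
    re.compile(r"NOTICE.* .*: Registration from '.*' failed for '" + HOST + r":.*' - No matching peer found"),
]
# Asterisk log prefix, matching the "Year-Month-Day Hour:Minute:Second" date template hit above.
TIMESTAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

# Constructed sample of /var/log/asterisk/fail2ban (not taken from the thread).
SAMPLE_LOG = """\
[2014-06-20 17:23:42] NOTICE[2176] chan_sip.c: Registration from '"100"<sip:100@203.0.113.7>' failed for '203.0.113.7:5060' - Wrong password
[2014-06-20 17:23:51] NOTICE[2176] chan_sip.c: Registration from '"100"<sip:100@203.0.113.7>' failed for '203.0.113.7:5060' - Wrong password
[2014-06-20 17:23:59] NOTICE[2176] chan_sip.c: Registration from '"101"<sip:101@203.0.113.7>' failed for '203.0.113.7:5060' - No matching peer found
[2014-06-20 17:24:14] NOTICE[2176] chan_sip.c: Registration from '"1001"<sip:1001@198.51.100.9>' failed for '198.51.100.9:5060' - No matching peer found
[2014-06-20 18:30:00] NOTICE[2176] chan_sip.c: Registration from '"100"<sip:100@203.0.113.7>' failed for '203.0.113.7:5060' - Wrong password
[2014-06-20 18:30:05] WARNING[2176] chan_sip.c: Retransmission timeout reached on transmission abc
"""

def parse_failures(log_text):
    """Return (timestamp, host) for every line that matches one of the failregex patterns."""
    found = []
    for line in log_text.splitlines():
        ts = TIMESTAMP.match(line)
        if not ts:
            continue
        for rx in FAILREGEX:
            m = rx.search(line)
            if m:
                found.append((datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S"), m.group("host")))
                break  # one hit per line, as fail2ban counts it
    return found

def hosts_to_ban(failures, maxretry=3, findtime=600):
    """Ban a host once it has maxretry failures inside a sliding window of findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = set()
    for ts, host in sorted(failures):
        # keep only failures still inside the findtime window, then add this one
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return banned
```

Note that the lone late failure at 18:30 falls outside a 10-minute findtime, so it does not count toward the earlier burst; widening findtime to a day makes it count, which is the same trade-off the recidive jail settings below make with findtime = 86400.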

I am unsure about adding this “security” to the log file. Please advise.

Your logfile needs defining with at least

fail2ban => SECURITY,NOTICE

You can add WARNING for good measure, but the other two will probably catch everything. Does the rpm install not do that for you already?

Oh, you are using Asterisk 1.8. I think you are SOL there then; you really need to upgrade that.

Well, problem is anything higher is not running too well on virtual machines.

https://issues.asterisk.org/jira/browse/ASTERISK-20128

But I do really appreciate the replies.

Thank you very much for helping me understand this.

I would have to disagree with that. All my bigger instances of FreePBX run Asterisk 11.10.2 on 64-bit VT-x hardware under KVM, but I guess it would depend on your virtualization technology.

The PBX at my house runs perfectly fine with Asterisk 11 under virt-manager on a $400 Intel NUC, which also has another VM running MythTV and another for Windoze7 (don’t ask :slight_smile:) while still being my primary desktop.

It may work in many cases, but not all of them. Anything past 1.8.12 has serious issues on OpenVZ, and 11 and 12 may or may not compile on KVM. From what I understand it can depend on the CPU the host has.

OK, just believe otherwise, or just pragmatically spin up another VM and try it. As a caveat, I only use Debian, and I can assure you that on hardware with CPU virtualization support it has never failed me, nor has installing PIAF or Schmooze or AsteriskNOW from their Red Hat based ISOs. But while you stay with 1.8 you are seriously exposed to Chinese machines on cloud hosters, and fail2ban just can’t help you there, as Asterisk 1.8 just doesn’t expose the attack vectors.

Anyway, good luck.

(You would only need one 386 core with 512 memory and a 10G HDD for maybe 20 hard-using extensions; don’t complicate matters :wink:)

Well then they really need to fix that bug. Seriously, I cannot get anything past 1.8.12 to compile on OpenVZ. After all, it is a popular virtualization choice.

While I consider upgrading to 11, what is the security logging?

OpenVZ uses the underlying hardware kernel and badly shares kernel resources, and there are “so many slips twixt the cpu and the lip there”. I think you are chasing a dead horse there; just make a real VM.

(who are “they”? and what bug?)

I did post a link to the open bug report above regarding Asterisk.

Surely that doesn’t pertain to OpenVZ, just a few with KVM. Did you try making a KVM yet? (30 minutes max.) If it doesn’t work for you then add yourself appropriately to the bug list; if it does, then that would be a good thing :slight_smile:

Actually it does pertain to OpenVZ. I am getting the same results with it, if not worse.

I have made numerous asterisk builds on KVM…not all of them have been successful.

Even with Asterisk 11 and 12 there have been compile failures on some older CPUs.

With respect, using virtualization on “older CPUs” is surely self-limiting; why would you do that? One of many options from eBay:

http://www.ebay.com/itm/Dell-PowerEdge-R900-4x-E7450-2-4ghz-6-core-CPUs-64gb-RAM-4x146gb-HDDs-Perc-6i-/171356199514?pt=COMP_EN_Servers&hash=item27e5a01a5a

I can guarantee it would support all you need many times over. Boot it with a USB stick:

http://www.proxmox.com/downloads/item/proxmox-ve-3-2-iso-installer

But I think this thread is done. You now have your “best effort” fail2ban working, and that is what you wanted; your VM problems really don’t belong in this FreePBX forum. I apologize to the community for taking the bait. Many here do use and will continue to use virtualization for the Asterii of now and those to come.

I did not refer to virtualization on older CPUs, but compiling directly on the hardware.

In addition, not all is well with fail2ban. The recidive jail does not seem to be banned after 10 tries:

[recidive]
enabled  = true
filter   = recidive
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=recidive, protocol=all]
           sendmail[name=recidive, [email protected], [email protected], hostname=pbx.netservisity.com]
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
maxretry = 10