With quite a few servers accepting SSH connections and protecting themselves using fail2ban, you very quickly recognize one thing: it makes a lot of sense to centralize fail2ban reporting using syslog.
To update fail2ban logging. you need to edit the /etc/fail2ban/fail2ban.conf file and replace this:
logtarget /var/log/fail2ban.log
with this:
logtarget = SYSLOG
Here's how my section looks when I'm editing a file with vim:
Restart fail2ban service and enjoy:
root@s7:/var/log # systemctl reload fail2ban
See Also
- Project: Centralised RSyslog
- Colourised syslogs with grc
- Log RSyslog streams into separate files by source hostname
- Unit Tutorial Projects
