Bug - Webmin on Almalinux 10 - missing syslog option

Webmin
1
SYSTEM INFORMATION
OS type and version AlmaLinux 10.0
Webmin version 2.510

Under Webmin / Webmin Configuration / Authentication - The option for Log failures to syslog is missing, this is a clean installation with very few changes made.

Currently, failed logins to webmin/usermin are not being captured to ANY log file under Almalinux 10, this is preventing Fail2Ban from tracking them. I have troubleshooted this with chatgpt and out of options other than reporting this as a bug.

2

are you seeing anything in /var/log/secure?

3

Nothing from webmin no. I do wonder if the missing UI option for syslog is related, in the .conf file the syslog=1 is set.

4

aha I found a logfile - /var/webmin/webmin.log
That has just the failed login attempts and very little else. Not sure why these auth logs are not where Fail2Ban would expect them. Someone might want to take a detailed look at the logging on Alma 10.0

5

For anyone else wanting to log Fail2Ban using this log file /var/webmin/webmin.log the regex for it currently is below and tested as working.

^\S+\s+\[[^\]]+\]\s+\S+\s+-\s+<HOST>\s+\S+\s+record-failed\.pl\s+"failed"(?:\s+".*"){2}\s*$

1 Like
6

Right, looks like Alma 10.0 has changed something that doesn’t allow it to be logged. Its fine in Alma 9.

1 Like
7

My thinking too, so probably needs a code change somewhere to fix that on webmins side i’d imagne.

8

You probably don’t have syslog. Modern systems do not. (You have the journal.)

9 
rpm -qa | grep -E 'rsyslog|syslog-ng'
rsyslog-8.2412.0-1.el10.x86_64

thats looking installed to me?

10

Try systemctl status rsyslog

I’ve found very little on changes to the logging.

11 
systemctl status rsyslog
● rsyslog.service - System Logging Service
     Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-09-22 18:27:08 BST; 4h 56min ago
 Invocation: 38994827ba8144eeb80f270f7138d8bf
       Docs: man:rsyslogd(8)
             https://www.rsyslog.com/doc/
   Main PID: 3885 (rsyslogd)
      Tasks: 3 (limit: 48172)
     Memory: 1.3M (peak: 2.1M)
        CPU: 860ms
     CGroup: /system.slice/rsyslog.service
             └─3885 /usr/sbin/rsyslogd -n

Sep 22 18:27:07 xxxxxx systemd[1]: Starting rsyslog.service - System Logging Service...
Sep 22 18:27:08 xxxxxx rsyslogd[3885]: [origin software="rsyslogd" swVersion="8.2412.0-1.el10" x-pid="3885" x-info="https://www.rsyslog.com"] start
Sep 22 18:27:08 xxxxxx systemd[1]: Started rsyslog.service - System Logging Service.
Sep 22 18:27:08 xxxxxx rsyslogd[3885]: imjournal: journal files changed, reloading...  [v8.2412.0-1.el10 try https://www.rsyslog.com/e/0 ]
12

You don’t need to install the rsyslog package! If you enabled logging to syslog using the “Also log Webmin actions to syslog” option on the “Webmin ⇟ Webmin Configuration: Logging” page, it will log to the journal, e.g.:

~# journalctl -f -u webmin
Sep 23 02:52:35 host.rocky9-pro.virtualmin.dev webmin[10716]: Invalid login as root from 10.211.55.2

Fail2ban works with this setup just fine!

However, I believe the option name shouldn’t point directly to syslog. We should change it, @Jamie. Let’s call it something that won’t make users think they need to install syslog.

13

That option is not on that page for me?

14

[root@xxxxxx ~]# journalctl -f -u webmin
Sep 22 20:50:30 xxxxxx systemd[1]: webmin.service: Consumed 2min 14.850s CPU time, 198.1M memory peak.
Sep 22 20:52:32 xxxxxx systemd[1]: Starting webmin.service - Webmin server daemon

Sep 22 20:52:33 xxxxxx systemd[1]: Started webmin.service - Webmin server daemon.
Sep 22 20:53:53 xxxxxx systemd[1]: Stopping webmin.service - Webmin server daemon

Sep 22 20:53:53 xxxxxx systemd[1]: webmin.service: Main process exited, code=exited, status=1/FAILURE
Sep 22 20:53:53 xxxxxx systemd[1]: webmin.service: Failed with result ‘exit-code’.
Sep 22 20:53:53 xxxxxx systemd[1]: Stopped webmin.service - Webmin server daemon.
Sep 22 20:53:53 xxxxxx systemd[1]: webmin.service: Consumed 3.490s CPU time, 110.6M memory peak.
Sep 22 20:56:43 xxxxxx systemd[1]: Starting webmin.service - Webmin server daemon

Sep 22 20:56:43 xxxxxx systemd[1]: Started webmin.service - Webmin server daemon.
^C
[root@xxxxxx ~]#

What is odd is that’s all the journalctl -f -u webmin for me, despite syslog=1 being set in miniserv.conf

15

Just did a clean VM with Alma 10, ran dnf update - rebooted and did a clean webmin install and same experience, nothing showing under “journalctl -f -u” except for service starting and stopping.

16

Why don’t you? Did you enable an option to log to syslog (the very last one from my screenshot)?

image
image1920×1070 117 KB

Because when you do, it logs it:

image
image2254×944 365 KB

And, Fail2ban tracks it:

image
image2558×874 201 KB

17

Option is entirely missing under Alma 10. In the .conf file i have syslog=1 set, but it makes no difference. Installation was from the Alma 10 Minimal ISO, not sure that if that makes a difference?

0db60abdbcaa14093eafae7c73716a78
0db60abdbcaa14093eafae7c73716a782191×818 102 KB

18

When I get a chance, possibly this evening, i will attempt an installation of virtalmin instead of webmin and see if that makes a difference.

19

Well for some unknown reason Virtualmin has the syslog option but webmin does not under Alma 10.

Just checked this via a new VM install and that system logging option is working fine (only in virtualmin)

20

I’ve gone ahead and made an issue on the github repo for this as a bug as i cant see what else it could be - Almalinua 10.0 no system logging is working · Issue #2557 · webmin/webmin · GitHub