Fail2Ban configuration to monitor multiple site logs

I’m in the process of building a new Virtualmin host on Debian 11 to replace a Debian 10 host.
I’m setting up Fail2Ban on the new system as an interim measure until we can shut down the old host and get the new host setup behind the WAF.
My question is, in the log file paths for the apache jails, is “%(apache_error_log)s” going to catch the error logs for each of the virtualmin sites
or do I need to add each site error/access log
or do I need a different string to make sure all sites are covered?

Thanks in advance

@siil-itman,

Try adding in addition to the entry noted…

/var/log/virtualmin/_access_log
/var/log/virtualmin/_error_log

*** Assuming you want to span both access and error logs for all domains ***

I believe the default variable only looks in the default apache access log located in /var/log/apache2/ folder.

If I add the full path and file name for the individual host log file, it will monitor them. I will be moving across 50+ sites to the new host and was hoping there was a wild card/ variable I could use to point it to the /var/log/virtualmin/ folder and auto add either the access or error logs as required.
Once fully live, the number of sites will change frequently +/- so I’d just love it to monitor that folder and auto add/remove!

@siil-itman,

Looks like my post was altered…

Place a “*” before “_error_log” and “_access_log”

ok, that worked!
Thanks, you have saved me a lot of pain!!

@siil-itman,

If you are following the logic of f2b, you really only need the access_log line I mentioned. I don’t think error log offers any useful info to it.

Some of the jails we are setting up use the error log

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.