OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.981
Virtualmin version: 6.17 Pro
Just a heads-up in case anyone else searches for this at any time.
I have expanded the usage of the default installation of Fail2Ban which, although the automatically installed version worked well, I wanted to tweak it. But that is not what this post is about.
I wanted to see the number of bans and unbans without having to go and look at the logs directly (which is pretty low value really) so I investigated getting Logwatch to report these figures. It seems that Logwatch was/is intended to report but it isn’t doing so. After much digging and googling I found this page https://unix.stackexchange.com/questions/83980/how-can-i-enable-fail2ban-and-mod-secure-logs-to-appear-in-logwatch-on-centos-6 from 7 years ago which held the answer as follows:
Edit /usr/share/logwatch/scripts/services/fail2ban
on line 81 and perform the following
Replace this
} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
With this
} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
It works for me so maybe others might also benefit.