Viewing Fail2Ban reports in Logwatch (RESOLVED)

OS type and version: CentOS Linux 7.9.2009

Webmin version: 1.981
Virtualmin version: 6.17 Pro

Just a heads-up in case anyone else searches for this at any time.

I have expanded the usage of the default installation of Fail2Ban which, although the automatically installed version worked well, I wanted to tweak it. But that is not what this post is about.

I wanted to see the number of bans and unbans without having to go and look at the logs directly (which is pretty low value really) so I investigated getting Logwatch to report these figures. It seems that Logwatch was/is intended to report but it isn’t doing so. After much digging and googling I found this page https://unix.stackexchange.com/questions/83980/how-can-i-enable-fail2ban-and-mod-secure-logs-to-appear-in-logwatch-on-centos-6 from 7 years ago which held the answer as follows:

Edit /usr/share/logwatch/scripts/services/fail2ban on line 81 and perform the following

Replace this

} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

With this

} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

It works for me so maybe others might also benefit.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.