CentOS 7: fail2ban and logwatch

According to this bug #8885, fail2ban log levels and log file format have changed and logwatch script can no longer detect bans and unbans.

The workaround is to correct fail2ban script for logwatch until the bugfix is released. Edit /usr/share/logwatch/scripts/services/fail2ban on line 81 and perform the following replacement.


    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {


    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

You can run the following command to test logwatch with updated fail2ban service.

logwatch --service fail2ban

You May Also Like


Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.