CentOS 7: fail2ban and logwatch

According to bug #8885, fail2ban's log levels and log file format have changed, and the logwatch script can no longer detect bans and unbans.

The workaround is to correct the fail2ban script for logwatch until the bugfix is released. Edit /usr/share/logwatch/scripts/services/fail2ban on line 81 and perform the following replacement.

ORIGINAL::

    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

CORRECTED::

    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

You can run the following command to test logwatch with the updated fail2ban service script.

    logwatch --service fail2ban
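
To check the replacement before editing the script, the two patterns can be run side by side over sample log lines. This is an added example, not part of the logwatch script: the patterns are copied from the ORIGINAL and CORRECTED lines above into Python's re module, and the log lines, the ONE_SPACE variant and the summarize helper are constructed for illustration (the log layouts are assumed).

```python
import re

# Patterns from line 81 of the logwatch fail2ban script, copied unchanged.
OLD = re.compile(r"WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)")
NEW = re.compile(r"NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)")
# Hypothetical variant (not on the page): level renamed, \s left as-is.
ONE_SPACE = re.compile(r"NOTICE:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)")

# Constructed sample lines; the layouts are assumptions, not from the page.
SAMPLE_OLD_FORMAT = [
    "2015-03-01 12:00:01,123 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.10",
    "2015-03-01 12:10:01,456 fail2ban.actions: WARNING [ssh-iptables] Unban 192.0.2.10",
]
SAMPLE_NEW_FORMAT = [
    "2015-06-01 12:00:01,123 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.7",
    "2015-06-01 12:10:01,456 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 198.51.100.7",
    "2015-06-01 12:10:02,000 fail2ban.filter         [1234]: INFO    [sshd] Found 198.51.100.7",
]


def summarize(pattern, lines):
    """Count (service, action, host) tuples captured by the pattern."""
    counts = {}
    for line in lines:
        match = pattern.search(line)
        if match:
            key = match.groups()
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for name, pattern in (("OLD", OLD), ("NEW", NEW)):
        for label, lines in (("old format", SAMPLE_OLD_FORMAT),
                             ("new format", SAMPLE_NEW_FORMAT)):
            print(name, "on", label, "->", summarize(pattern, lines))
    # Renaming the level alone still matches, but the padding after NOTICE
    # leaks into the captured service name; \s+ in the fix absorbs it.
    print("ONE_SPACE ->", ONE_SPACE.search(SAMPLE_NEW_FORMAT[0]).groups())
```

An empty result from the OLD pattern on the new-format lines is the silent failure the bug describes: the report simply shows no bans, which is easy to misread as no activity.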
