I have installed fail2ban but I'm having trouble finding the logs that relate to a failed:
1. htaccess login
2. proftp login
I read the apache httpd.conf file and found that the server logs were installed in:
I read the error_log file and found that these errors relate to server level errors.
For example hackers trying to find directories such as https://server.net/admin
At the bottom of the apache httpd.conf file is the directive that points to the ISPConfig includes file:
Examining this file points to error logs in:
These logs contain errors such as failed favicon download attempts etc.
If I pointed fail2ban at any of the error logs I would ban everybody who came to one of my sites.
Is there a set of logs that record every failed password attempt - proftp, apache, ssh ... etc or am I going to have to set them up myself.
The only thing I have found that is close (I am on centos5.2 64bit) is:
But this only records SSH password failures.
Any help would be appreciated.