Thread: fail2ban Logs
View Single Post
  #1  
Old 30th March 2009, 22:36
AdrianSmithUK AdrianSmithUK is offline
Junior Member
 
Join Date: Mar 2009
Posts: 14
Thanks: 1
Thanked 0 Times in 0 Posts
Default fail2ban Logs

Hi

I have installed fail2ban but I'm having trouble finding the logs that relate to a failed:

1. htaccess login
2. proftp login

I read the apache httpd.conf file and found that the server logs were installed in:

/etc/httpd/logs

I read the error_log file and found that these errors relate to server level errors.

For example hackers trying to find directories such as https://server.net/admin

At the bottom of the apache httpd.conf file is the directive that points to the ISPConfig includes file:

/root/ispconfig/httpd/conf/httpd.conf

Examining this file points to error logs in:

/home/www/web[n]/logs/error.log

These logs contain errors such as failed favicon download attempts etc.

If I pointed fail2ban at any of the error logs I would ban everybody who came to one of my sites.

Is there a set of logs that record every failed password attempt - proftp, apache, ssh ... etc or am I going to have to set them up myself.

The only thing I have found that is close (I am on centos5.2 64bit) is:

/var/log/secure

But this only records SSH password failures.

Any help would be appreciated.

Kind Regards,

Adrian Smith
Reply With Quote
Sponsored Links