fail2ban Logs

[AdrianSmithUK]

Hi

I have installed fail2ban but I'm having trouble finding the logs that relate to a failed:

1. htaccess login
2. proftp login

I read the apache httpd.conf file and found that the server logs were installed in:

/etc/httpd/logs

I read the error_log file and found that these errors relate to server level errors.

For example hackers trying to find directories such as https://server.net/admin

At the bottom of the apache httpd.conf file is the directive that points to the ISPConfig includes file:

/root/ispconfig/httpd/conf/httpd.conf

Examining this file points to error logs in:

/home/www/web[n]/logs/error.log

These logs contain errors such as failed favicon download attempts etc.

If I pointed fail2ban at any of the error logs I would ban everybody who came to one of my sites.

Is there a set of logs that record every failed password attempt - proftp, apache, ssh ... etc or am I going to have to set them up myself.

The only thing I have found that is close (I am on centos5.2 64bit) is:

/var/log/secure

But this only records SSH password failures.

Any help would be appreciated.

Kind Regards,

Adrian Smith

[lano]

Take a look this tutorial http://www.howtoforge.com/fail2ban_debian_etch

[AdrianSmithUK]

Hi Iano

Thanks for the reply.

I wish it was that simple. I have setup fail2ban and it's running nicely. However, my logs are different to the tutorial and I can't fine the logs that record a failed apache login or a failed proftp login on a per website basis.

Does anybody know where ISPConfig records failed logins?

Kind Regards,

Adrian Smith

[falko]

The error logs are located in /var/www/web1/log, /var/www/web2/log, etc.

[AdrianSmithUK]

Thanks but I think you missed the line above.

I have checked:

/home/www/web[n]/logs/error.log

They do not detect failed htaccess/ftp login attempts.

Should they?

Kind Regards

Adrian

[falko]

Oh, sorry, I must have overread that.

Did you check the overall Apache error log and the auth log in /var/log?