On 8/16/24 11:45 PM, David C. Rankin wrote:
> All,
>
> I've posted to the forum, but haven't received any suggestions
> https://bbs.archlinux.org/viewtopic.php?pid=2190182#p2190182
>
> The title says it all. When fail2ban is configured to include log lines in
> the e-mail it sends when a ban is triggered, no log lines are included. The
> whois info is included, but not the log lines.
>
> Does anybody have this working? Does this need a bug report to have
> something tweaked to work with the journal on Arch?

Well,
I have it solved after an extended discussion with the very helpful
fail2ban maintainer. There are additional steps required for fail2ban to
report the log lines (journal entries) with systemd not covered in the wiki.
The configuration needed with Arch is covered in the answer to the bbs post:
https://bbs.archlinux.org/viewtopic.php?id=298572
The notification e-mail now includes the relevant log entries which is a
welcomed convenience.
The bbs thread also contains links to the github discussion with the
maintainer that includes additional tips and tricks that simplify testing
your config with fail2ban.
--
David C. Rankin, J.D.,P.E.