A site for solving at least some of your technical problems...
A site for solving at least some of your technical problems...
Today I noticed that my fail2ban wasn't running.
Looking into it, I could see that an error was happening on startup. This pretty much always mean that something's wrong in the configuration files.
sudo systemctl start fail2ban Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
However, somehow, systemd would not show me the error with the status or checking the journal and it would not write anything to the /var/log/fail2ban.log file which stayed totally empty.
prompt % systemctl status fail2ban ● fail2ban.service - Fail2Ban Service Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Sat 2017-05-27 03:30:42 UTC; 9min ago Docs: man:fail2ban(1) Process: 15483 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255) May 27 03:30:42 m2osw.com systemd[1]: fail2ban.service: Control process exited, code=exited status=255 May 27 03:30:42 m2osw.com systemd[1]: Failed to start Fail2Ban Service. May 27 03:30:42 m2osw.com systemd[1]: fail2ban.service: Unit entered failed state. May 27 03:30:42 m2osw.com systemd[1]: fail2ban.service: Failed with result 'exit-code'. May 27 03:30:42 m2osw.com systemd[1]: fail2ban.service: Service hold-off time over, scheduling restart. May 27 03:30:42 m2osw.com systemd[1]: Stopped Fail2Ban Service. May 27 03:30:42 m2osw.com systemd[1]: fail2ban.service: Start request repeated too quickly. May 27 03:30:42 m2osw.com systemd[1]: Failed to start Fail2Ban Service. May 27 03:36:50 m2osw.com systemd[1]: Stopped Fail2Ban Service.
In order to find the configuration error, I instead had to run the start process by hand. So first I made sure it was stopped, and then I ran the start command as found in the /etc/systemd/system/multi-user.target.wants/fail2ban.service file:
prompt % sudo /usr/bin/fail2ban-client stop ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
And then:
prompt % sudo /usr/bin/fail2ban-client -x start ERROR No file(s) found for glob /var/log/mail.log ERROR Failed during configuration: Have not found any log file for postfix jail
Now I can see why and where the error is happening.
We moved all the mail logs under /var/log/mail/... so the path needed to be updated to /var/log/mail/mail.log.
Once that was done, the normal systemctl command worked as expected:
prompt % sudo systemctl start fail2ban
Finally, this did not generate any error.
Re: How to find fail2ban errors when logs/errors don't make ...
Worked like a charm, thanks a bunch
Re: How to find fail2ban errors when logs/errors don't make ...
Thank you very much for your hints.
After a few corrections Fail2ban is working now.
Cheers
Mike
Re: How to find fail2ban errors when logs/errors don't make ...
Still valid 2019/05/29
Thanks for sharing simple commands. I was able to fix my jail.local file in minutes after reading through your blog.
Re: How to find fail2ban errors when logs/errors don't make ...
Thank you for your detailed assistance.
Invaluable when trying to find why fail2ban would not run on Debian9.3.