Cannot make the fail2ban setup guide work with systemd journal
402PaymentReq opened this issue · comments
Debian 12.1 (systemd journal is default)
fail2ban version 1.0.2
Trying to make fail2ban filter + jail work.
Shadowsocks authentication errors in logs match filter regex correctly. fail2ban is up, nothing unusual in logs. But "fail2ban-client status shadowsocks-libev" fails to reflect failures to authenticate (sshd jail does work correctly, though)
- Changes in jail.conf:
[DEFAULT]
backend = systemd
- Shadowsocks filter:
[INCLUDES]
before = common.conf
[Definition]
_daemon = ss-server
failregex = ^\w+\s+\d+ \d+:\d+:\d+\s+%(__prefix_line)sERROR:\s+failed to handshake with : authentication error$
ignoreregex =
datepattern = %%Y-%%m-%%d %%H:%%M:%%S
journalmatch = _SYSTEMD_UNIT=shadowsocks-libev.service
- Shadowsocks jail:
[shadowsocks-libev]
enabled = true
filter = shadowsocks-libev
port = 8839
maxretry = 3
findtime = 3600
bantime = 3600
What am I doing wrong?
Thanks!