All the information shown previously is also available in the log file /var/log/fail2ban.log.
Here are some interesting excerpts:
root@fail2ban:~# cat /var/log/fail2ban.log
2022-05-06 23:00:16,047 fail2ban.server [5605]: INFO --------------------------------------------------
2022-05-06 23:00:16,047 fail2ban.server [5605]: INFO Starting Fail2ban v0.11.2
2022-05-06 23:00:16,048 fail2ban.observer [5605]: INFO Observer start...
2022-05-06 23:00:16,052 fail2ban.database [5605]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2022-05-06 23:00:16,054 fail2ban.database [5605]: WARNING New database created. Version '4'
2022-05-06 23:00:16,054 fail2ban.jail [5605]: INFO Creating new jail 'sshd'
2022-05-06 23:00:16,075 fail2ban.jail [5605]: INFO Jail 'sshd' uses pyinotify {}
2022-05-06 23:00:16,077 fail2ban.jail [5605]: INFO Initiated 'pyinotify' backend
2022-05-06 23:00:16,079 fail2ban.filter [5605]: INFO maxLines: 1
2022-05-06 23:00:16,093 fail2ban.filter [5605]: INFO maxRetry: 5
2022-05-06 23:00:16,093 fail2ban.filter [5605]: INFO findtime: 600
2022-05-06 23:00:16,093 fail2ban.actions [5605]: INFO banTime: 600
2022-05-06 23:00:16,093 fail2ban.filter [5605]: INFO encoding: UTF-8
2022-05-06 23:00:16,093 fail2ban.filter [5605]: INFO Added logfile: '/var/log/auth.log' (pos = 0, hash = 7dda1465594c84822d3e9fd5fe7f03546f593f47)
2022-05-06 23:00:16,096 fail2ban.jail [5605]: INFO Jail 'sshd' started
2022-05-06 23:00:19,665 fail2ban.server [5605]: INFO Shutdown in progress...
2022-05-06 23:00:19,665 fail2ban.observer [5605]: INFO Observer stop ... try to end queue 5 seconds
2022-05-06 23:00:19,685 fail2ban.observer [5605]: INFO Observer stopped, 0 events remaining.
2022-05-06 23:00:19,726 fail2ban.server [5605]: INFO Stopping all jails
2022-05-06 23:00:19,726 fail2ban.filter [5605]: INFO Removed logfile: '/var/log/auth.log'
2022-05-06 23:00:20,102 fail2ban.actions [5605]: NOTICE [sshd] Flush ticket(s) with iptables-multiport
2022-05-06 23:00:20,102 fail2ban.jail [5605]: INFO Jail 'sshd' stopped
2022-05-06 23:00:20,103 fail2ban.database [5605]: INFO Connection to database closed.
2022-05-06 23:00:20,103 fail2ban.server [5605]: INFO Exiting Fail2ban
2022-05-06 23:00:20,208 fail2ban.server [5896]: INFO --------------------------------------------------
2022-05-06 23:00:20,209 fail2ban.server [5896]: INFO Starting Fail2ban v0.11.2
2022-05-06 23:00:20,209 fail2ban.observer [5896]: INFO Observer start...
2022-05-06 23:00:20,211 fail2ban.database [5896]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2022-05-06 23:00:20,212 fail2ban.jail [5896]: INFO Creating new jail 'sshd'
2022-05-06 23:00:20,222 fail2ban.jail [5896]: INFO Jail 'sshd' uses pyinotify {}
2022-05-06 23:00:20,225 fail2ban.jail [5896]: INFO Initiated 'pyinotify' backend
2022-05-06 23:00:20,226 fail2ban.filter [5896]: INFO maxLines: 1
2022-05-06 23:00:20,240 fail2ban.filter [5896]: INFO maxRetry: 3
2022-05-06 23:00:20,240 fail2ban.filter [5896]: INFO findtime: 300
2022-05-06 23:00:20,240 fail2ban.actions [5896]: INFO banTime: 300
2022-05-06 23:00:20,240 fail2ban.filter [5896]: INFO encoding: UTF-8
2022-05-06 23:00:20,240 fail2ban.filter [5896]: INFO Added logfile: '/var/log/auth.log' (pos = 394, hash = 7dda1465594c84822d3e9fd5fe7f03546f593f47)
2022-05-06 23:00:20,241 fail2ban.jail [5896]: INFO Creating new jail 'portscan'
2022-05-06 23:00:20,241 fail2ban.jail [5896]: INFO Jail 'portscan' uses pyinotify {}
2022-05-06 23:00:20,243 fail2ban.jail [5896]: INFO Initiated 'pyinotify' backend
2022-05-06 23:00:20,244 fail2ban.filter [5896]: INFO maxRetry: 5
2022-05-06 23:00:20,244 fail2ban.filter [5896]: INFO findtime: 300
2022-05-06 23:00:20,244 fail2ban.actions [5896]: INFO banTime: 300
2022-05-06 23:00:20,244 fail2ban.filter [5896]: INFO encoding: UTF-8
2022-05-06 23:00:20,244 fail2ban.filter [5896]: INFO Added logfile: '/var/log/syslog' (pos = 0, hash = ddbc02d9f50cdf1fbb147ef9d69f9253b211775c)
2022-05-06 23:00:20,245 fail2ban.jail [5896]: INFO Creating new jail 'requests'
2022-05-06 23:00:20,245 fail2ban.jail [5896]: INFO Jail 'requests' uses pyinotify {}
2022-05-06 23:00:20,248 fail2ban.jail [5896]: INFO Initiated 'pyinotify' backend
2022-05-06 23:00:20,249 fail2ban.filter [5896]: INFO maxRetry: 3
2022-05-06 23:00:20,249 fail2ban.filter [5896]: INFO findtime: 300
2022-05-06 23:00:20,249 fail2ban.actions [5896]: INFO banTime: 300
2022-05-06 23:00:20,249 fail2ban.filter [5896]: INFO encoding: UTF-8
2022-05-06 23:00:20,249 fail2ban.filter [5896]: INFO Added logfile: '/var/log/nginx/access.log' (pos = 0, hash = da39a3ee5e6b4b0d3255bfef95601890afd80709)
2022-05-06 23:00:20,250 fail2ban.jail [5896]: INFO Jail 'sshd' started
2022-05-06 23:00:20,263 fail2ban.jail [5896]: INFO Jail 'portscan' started
2022-05-06 23:00:20,264 fail2ban.jail [5896]: INFO Jail 'requests' started
Here are the log entries for the ssh ban, followed 5 minutes later by the unban:
2022-05-06 23:08:34,818 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:34
2022-05-06 23:08:42,200 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:42
2022-05-06 23:08:47,495 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:47
2022-05-06 23:08:47,512 fail2ban.actions [5896]: NOTICE [sshd] Ban 192.168.2.222
[...]
2022-05-06 23:13:47,118 fail2ban.actions [5896]: NOTICE [sshd] Unban 192.168.2.222
Here are the log entries for the portscan ban, followed 5 minutes later by the unban:
2022-05-06 23:30:52,572 fail2ban.filter [5896]: INFO [portscan] Found 192.168.2.222 - 2022-05-06 23:30:52
2022-05-06 23:30:52,996 fail2ban.actions [5896]: NOTICE [portscan] Ban 192.168.2.222
[...]
2022-05-06 23:35:52,226 fail2ban.actions [5896]: NOTICE [portscan] Unban 192.168.2.222
Here are the log entries for the requests ban, followed 5 minutes later by the unban:
2022-05-06 23:30:39,723 fail2ban.filter [5896]: INFO [requests] Found 192.168.2.222 - 2022-05-06 23:30:39
2022-05-06 23:30:40,425 fail2ban.filter [5896]: INFO [requests] Found 192.168.2.222 - 2022-05-06 23:30:40
2022-05-06 23:30:41,128 fail2ban.filter [5896]: INFO [requests] Found 192.168.2.222 - 2022-05-06 23:30:40
2022-05-06 23:30:41,158 fail2ban.actions [5896]: NOTICE [requests] Ban 192.168.2.222
[...]
2022-05-06 23:35:40,164 fail2ban.actions [5896]: NOTICE [requests] Unban 192.168.2.222
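To check ban durations against the configured banTime without reading the log by eye, the Found/Ban/Unban lines can be paired per jail and IP. The script below is an added example, not part of the original page; the function name ban_report is hypothetical, and the sample is built from lines in the excerpts above, with the portscan Unban left out on purpose to show a ban that is still open.

```python
import re
from datetime import datetime

# Constructed sample in the fail2ban.log format shown above.
SAMPLE = """\
2022-05-06 23:00:20,240 fail2ban.actions [5896]: INFO banTime: 300
2022-05-06 23:08:34,818 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:34
2022-05-06 23:08:42,200 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:42
2022-05-06 23:08:47,495 fail2ban.filter [5896]: INFO [sshd] Found 192.168.2.222 - 2022-05-06 23:08:47
2022-05-06 23:08:47,512 fail2ban.actions [5896]: NOTICE [sshd] Ban 192.168.2.222
[...]
2022-05-06 23:13:47,118 fail2ban.actions [5896]: NOTICE [sshd] Unban 192.168.2.222
2022-05-06 23:30:52,572 fail2ban.filter [5896]: INFO [portscan] Found 192.168.2.222 - 2022-05-06 23:30:52
2022-05-06 23:30:52,996 fail2ban.actions [5896]: NOTICE [portscan] Ban 192.168.2.222
"""

# "<date> <time>,<ms> fail2ban.<module> [<pid>]: <LEVEL> <message>"
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) "
                  r"fail2ban\.\w+\s+\[\d+\]: \w+\s+(?P<msg>.*)$")
# "[<jail>] Found|Ban|Unban <ip>"
EVENT = re.compile(r"^\[(?P<jail>[^\]]+)\] (?P<kind>Found|Ban|Unban) (?P<ip>\S+)")

def ban_report(text):
    """One dict per ban: jail, ip, failures seen before it, seconds banned
    (None when no matching Unban appears in the log)."""
    found, open_bans, report = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        ev = m and EVENT.match(m["msg"])
        if not ev:
            continue  # startup/shutdown lines, "[...]" markers, etc.
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        key = (ev["jail"], ev["ip"])
        if ev["kind"] == "Found":
            found[key] = found.get(key, 0) + 1
        elif ev["kind"] == "Ban":
            entry = {"jail": key[0], "ip": key[1], "found": found.pop(key, 0),
                     "banned_at": when, "seconds": None}
            open_bans[key] = entry
            report.append(entry)
        elif key in open_bans:  # Unban that closes a ban seen earlier
            entry = open_bans.pop(key)
            entry["seconds"] = round((when - entry["banned_at"]).total_seconds())
    return report

if __name__ == "__main__":
    for e in ban_report(SAMPLE):
        print(e["jail"], e["ip"], "found:", e["found"], "banned for:", e["seconds"])
```

A duration that differs from the jail's banTime, or a ban with no Unban long after banTime has elapsed, is worth investigating (restart, manual unban, or a different ban action).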