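I. Distinguishing the backends:
Where fail2ban reads its logs from depends on the backend setting. If the logs are read through systemd (the journal), set backend=systemd; otherwise, leave backend unset or change it to backend=auto. If the logs are not accessed through systemd but backend=systemd is set, fail2ban will not read the logpath we configured.
Example: using systemd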
[sshd]
enabled = true
filter = sshd
port = 38965
action = %(action_mwl)s
logpath = /var/log/secure
backend = systemd
Example: not using systemd
[nginx-admin]
enabled = true
filter = nginx404
port = http,https
logpath = /var/log/nginx/admin.access_log
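A static check for the mismatch described above, as an added example that is not part of the original post or of fail2ban itself. It assumes jail options are written as literal values (no `%(...)s` references for backend or logpath); the `audit_jails` function and the `[DEFAULT]` section in the sample are constructed for illustration.

```python
import configparser

# Constructed sample mirroring the two jails on this page, plus a [DEFAULT]
# section to show that jails without their own backend inherit it.
SAMPLE = """
[DEFAULT]
backend = auto

[sshd]
enabled = true
filter = sshd
port = 38965
action = %(action_mwl)s
logpath = /var/log/secure
backend = systemd

[nginx-admin]
enabled = true
filter = nginx404
port = http,https
logpath = /var/log/nginx/admin.access_log
"""

def audit_jails(text):
    """Return {jail: (source, note)} for every enabled jail in the config text."""
    # interpolation=None keeps fail2ban's %(...)s references as literal strings
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for jail in cp.sections():  # [DEFAULT] is merged into each jail, not listed
        if jail == "INCLUDES":
            continue
        sec = cp[jail]
        if sec.get("enabled", "false").strip().lower() not in ("true", "1", "yes", "on"):
            continue
        backend = sec.get("backend", "auto").strip().lower()
        logpath = sec.get("logpath", "").split()  # several paths may be listed
        if backend == "systemd":
            # With the systemd backend the journal is read and logpath is unused
            note = "logpath ignored: " + ", ".join(logpath) if logpath else "ok"
            report[jail] = ("journal", note)
        else:
            note = "ok" if logpath else "no logpath set"
            report[jail] = ("file", note)
    return report

if __name__ == "__main__":
    for jail, (source, note) in audit_jails(SAMPLE).items():
        print(f"{jail}: reads from {source} ({note})")
```
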
II. How do you check whether a fail2ban jail uses systemd or reads the log file directly?
1. For a jail that uses the systemd backend, query journalmatch
[root@blog ~]# fail2ban-client get sshd logpath
No file is currently monitored
[root@blog ~]# fail2ban-client get sshd journalmatch
Current match filter:
_SYSTEMD_UNIT=sshd.service + _COMM=sshd
2. For a jail that does not use the systemd backend, query logpath
[root@blog ~]# fail2ban-client get nginx-admin logpath
Current monitored log file(s):
`- /var/log/nginx/admin.access_log
[root@blog ~]# fail2ban-client get nginx-admin journalmatch
No journal match filter set
From: https://www.cnblogs.com/architectforest/p/18426489