From: Neil D. <ne...@da...> - 2013-01-25 14:54:46
|
Hi Fabian, On Friday 25 January 2013 15:31:52 Fabian Wenk wrote: > Check the logpath= option for your sshd-ddos jail, something > seems to be wrong there. Thank you for responding. My jail.conf entries all have "enabled = false" so nothing to see there. My jail.local just contains: [DEFAULT] bantime = 10800 usedns = no [sshd] enabled = true filter = sshd action = shorewall logpath = /var/log/auth.log [sshd-ddos] enabled = true filter = sshd-ddos action = shorewall logpath = /var/log/auth.log Additionally, I did: cd /etc/fail2ban find . -type f -exec grep -Hi 'var/log/sa' '{}' ';' which produced no output. I can't see why fail2ban would want to go into /var/log/sa from my configuration, hence my question. Regards, Neil Darlow |