Hi,
For a few weeks I haven't seen the fail2ban report in the logwatch daily summary. I assume that something must have changed in the latest logwatch scripts.
I use the Debian logwatch package 7.7-1. But when I run logwatch --service fail2ban nothing is returned.
I'm attaching the debug log:
logwatch --service fail2ban --debug high
I just downgraded logwatch to 7.5.6-1 and the summary is there:
logwatch --service fail2ban
################### Logwatch 7.5.6 (07/23/21) ####################
Processing Initiated: Fri Jan 6 11:01:53 2023
Date Range Processed: yesterday
( 2023-Jan-05 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: stdout / text
Logfiles for Host: xxxxxx
##################################################################
--------------------- fail2ban-messages Begin ------------------------
Banned services with Fail2Ban: Bans+ReBans:Unbans
postfix: [ 1:8 ]
sshd: [113:419]
---------------------- fail2ban-messages End -------------------------
###################### Logwatch End #########################
Yes, it is a deliberate change. See
@opoplawski may be able to give a reason why this was done.
An easy fix is to run with
Detail=1
in the fail2ban.conf file.
Ok, that makes sense. I've updated my config and it is working again.
I just upgraded to Bookworm and am having this issue. Changing Detail=1 does not produce the summary. Tried changing Detail to 1, 2, and 10. Debug shows it reading it:
ReadConfigFile: Read Line: Detail = 2
ReadConfigFile: Name=Detail, Value=2
It does work for me, on a different Linux release, so I can't comment on Debian 12. A couple of things to check:
/etc/logwatch/conf/services/fail2ban.conf?
/var/log/fail2ban.log
unless declared differently in /etc/logwatch/conf/logfiles/fail2ban.conf.
Had the Detail = 2 in the wrong file. Had it in logfiles/fail2ban.conf. Moving to services/fail2ban.conf works. Thank you!
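The mix-up resolved in the last post can be checked mechanically. The script below is an added example, not part of the thread or of logwatch: it reports whether a Detail override for a service sits in services/ (where it took effect above) or only in logfiles/. The function names check_detail_placement and detail_value are hypothetical, and the config root is assumed to be /etc/logwatch unless passed as the second argument.

```shell
#!/bin/sh
# Added example: locate a logwatch "Detail" override for one service.
# check_detail_placement and detail_value are hypothetical helpers,
# not part of logwatch.

# Print the last "Detail = VALUE" setting found in file $1 (empty if none).
# Comment lines are skipped because they do not start with the key name.
# Assumption: the key is matched with either a capital or lowercase "d".
detail_value() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*[Dd]etail[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" |
        tail -n 1
}

# $1 = service name (e.g. fail2ban), $2 = config root (default /etc/logwatch)
check_detail_placement() {
    svc=$1
    root=${2:-/etc/logwatch}
    in_services=$(detail_value "$root/conf/services/$svc.conf")
    in_logfiles=$(detail_value "$root/conf/logfiles/$svc.conf")

    if [ -n "$in_services" ]; then
        echo "ok: Detail=$in_services in services/$svc.conf"
    elif [ -n "$in_logfiles" ]; then
        # The situation from the thread: the setting is parsed and shows up
        # in debug output, but the fail2ban summary still stays empty.
        echo "misplaced: Detail=$in_logfiles is in logfiles/$svc.conf, move it to services/$svc.conf"
    else
        echo "unset: no Detail override for $svc"
    fi
}

# Check the service named on the command line, fail2ban by default.
check_detail_placement "${1:-fail2ban}"
```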