Fail2ban failed to ... ban and monitor anything?

I have this issue in Rocky Linux 9 (LXC container) with fail2ban.
This is my [sshd] conf in jail.local :
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
enabled = true

This is what I get :
-# fail2ban-client get sshd logpath
No file is currently monitored

I have no idea what is wrong with it since it should be default, or close to the default config.
Any idea what I should do, please?

Thanks for your help

fail2ban-client get logtarget
?

%(sshd_log)s
Is the value defined elsewhere in Fail2ban’s standard configuration?

fail2ban-client -vvd 2>&1 | grep -i 'sshd_log'
?

 cat /etc/fail2ban/paths-common.conf  | grep -i sshd_log
?
(
my answer is:
sshd_log = %(syslog_authpriv)s
)

cat /etc/fail2ban/paths-common.conf  | grep -i syslog_authpriv
?
(
my answer is:
syslog_authpriv = /var/log/auth.log
sshd_log = %(syslog_authpriv)s
dropbear_log = %(syslog_authpriv)s
)

thank you for your reply @rlamintegrator
If I’m not mistaken, I have the same results you have:

~ » fail2ban-client -vvd 2>&1 | grep -i 'sshd_log'
returns nothing
~ » cat /etc/fail2ban/paths-common.conf  | grep -i sshd_log
sshd_log = %(syslog_authpriv)s
~ » cat /etc/fail2ban/paths-common.conf  | grep -i syslog_authpriv
syslog_authpriv = /var/log/auth.log
sshd_log = %(syslog_authpriv)s
dropbear_log = %(syslog_authpriv)s
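
The `%(...)s` chain traced by hand with grep in the posts above can be followed in one step and the final path checked for existence. This is an added example, not part of the thread or of fail2ban's own code; the sample config repeats only the lines quoted here, and the function names, the `[DEFAULT]` placement and the single-path `logpath` are assumptions.

```python
import configparser
import os
import re

# Plain %(name)s references only; fail2ban's extended forms are not handled here.
REF = re.compile(r"%\((\w+)\)s")

# Constructed sample: only the lines quoted in the thread. Placing the path
# variables under [DEFAULT] is an assumption of this example.
PATHS_COMMON = """
[DEFAULT]
syslog_authpriv = /var/log/auth.log
sshd_log = %(syslog_authpriv)s
"""
JAIL = """
[sshd]
enabled = true
logpath = %(sshd_log)s
"""

def load(*texts):
    """Merge config texts in order; later texts override earlier ones."""
    cp = configparser.RawConfigParser()  # raw: we expand references ourselves
    for text in texts:
        cp.read_string(text)
    return cp

def expand(cp, section, option, hops, stack=()):
    """Expand an option recursively, recording each (name, raw value) hop."""
    if option in stack:
        raise ValueError("reference loop: " + " -> ".join(stack + (option,)))
    raw = cp.get(section, option)  # NoOptionError if the variable is undefined
    hops.append((option, raw))
    return REF.sub(lambda m: expand(cp, section, m.group(1), hops, stack + (option,)), raw)

def check_logpath(cp, jail, exists=os.path.exists):
    """Resolve a jail's logpath (single path assumed) and test that it exists."""
    hops = []
    path = expand(cp, jail, "logpath", hops)
    return {"chain": [name for name, _ in hops], "path": path, "exists": exists(path)}

if __name__ == "__main__":
    result = check_logpath(load(PATHS_COMMON, JAIL), "sshd")
    print(" -> ".join(result["chain"]), "=", result["path"])
    print("file present:", result["exists"])
```

Passing further config text to `load()` after the first two shows how a later file overrides `syslog_authpriv` and changes the resolved path.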

Don’t know :frowning:
Perhaps a comparison with these results will help you

# cat /etc/redhat-release 
Rocky Linux release 9.2 (Blue Onyx)
# cat /etc/fail2ban/jail.local  | grep -v ^#
[DEFAULT]
action    = %(action_mwl)s
banaction = nftables-multiport
chain     = input
[sshd]
enabled = true
bantime = 5m
maxretry = 10
# cat /etc/fail2ban/jail.conf  | grep -i "\[sshd\]" -A 15
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# cat /etc/fail2ban/paths-common.conf | grep -i sshd_backend
sshd_backend = %(default_backend)s
# cat /etc/fail2ban/paths-common.conf | grep -i "sshd"
sshd_log = %(syslog_authpriv)s
sshd_backend = %(default_backend)s
# ls -la /var/log/fail2ban.log
-rw------- 1 root root 5064 Jun  3 10:02 /var/log/fail2ban.log
# ls -la /var/log/messages
-rw------- 1 root root 8701535 Jun  3 20:00 /var/log/messages
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	
# fail2ban-client get loglevel
Current logging level is INFO
# fail2ban-client get logtarget
Current logging target is:
`- /var/log/fail2ban.log
# fail2ban-client get syslogsocket
Current syslog socket is:
`- auto

Thank you a lot, @rlamintegrator
In the end, it kind of solves itself but your answer (and conf) helped me figure out a few things.

  • I saved my conf files and removed fail2ban, then reinstalled it again.
  • Then I started configuring again, but going from your conf and progressively reaching what I need.

I can confirm it’s finally working after seeing a few bans already.
My guess is, my recent upgrade from Rocky 8 to Rocky 9 (which has been a bit … rocky) has messed up a few files or something.
Anyway, thank you for your help.

@rlamintegrator Please use the editing tools when composing your post so that it makes it far easier to read than how you posted it (like I’ve done to edit and fix your post). Thx :slight_smile:
