I have a setup which uses Ansible and Vagrant to test a custom role which installs and configures fail2ban. I have written myself a simple test playbook which uses the fail2ban role and applies the necessary configuration as expected. My intention, however, was to also write a few lines which do an integration test, such as simulating a few "failed login" attempts.
From what I saw in "How can I send a message to the systemd journal from the command line?", one should be able to do something like this:

```
echo "Failed password for root from 1.2.3.4 port 35720 ssh2" | systemd-cat -t sshd -p err
```

This indeed shows up in the `journalctl -f` logs, but it somehow doesn't end up in fail2ban at all:

```
fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 7
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned: 1
   `- Banned IP list:
```

The stats from above are from my own login failures.
I also tried with different log levels (i.e. `crit`, `err`, `info`, `warning`, etc.), but without any luck. Is there anything I'm doing wrong here?
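
An added example, not part of the original post: it evaluates the `Journal matches` expression from the status output above against journal entries, using journalctl's match semantics (`+` is OR, different fields within a group are ANDed). The two entries are constructed samples in `journalctl -o json` shape; the `_SYSTEMD_UNIT` and `_COMM` values shown for the `systemd-cat` entry are assumptions, and the real ones can be read with `journalctl -o json -t sshd`.

```python
import json

# Journal match string as reported by `fail2ban-client status sshd` on the page.
JOURNAL_MATCH = "_SYSTEMD_UNIT=sshd.service + _COMM=sshd"

def parse_journal_match(expr):
    """Split a journal match into OR-groups ('+') of FIELD=value terms."""
    groups = []
    for part in expr.split(" + "):
        terms = {}
        for term in part.split():
            field, _, value = term.partition("=")
            terms.setdefault(field, set()).add(value)
        groups.append(terms)
    return groups

def entry_matches(entry, groups):
    """journalctl semantics: '+' is OR; within a group, different fields are
    ANDed and repeated values of the same field are ORed."""
    return any(
        all(entry.get(field) in values for field, values in terms.items())
        for terms in groups
    )

def explain(entry, groups):
    """List each term the entry fails, to show why the filter never saw it."""
    return [
        f"{field}={entry.get(field)!r} not in {sorted(values)}"
        for terms in groups
        for field, values in terms.items()
        if entry.get(field) not in values
    ]

# Constructed samples in `journalctl -o json` shape (values are illustrative).
REAL_SSHD = json.loads('{"_SYSTEMD_UNIT": "sshd.service", "_COMM": "sshd", '
    '"SYSLOG_IDENTIFIER": "sshd", '
    '"MESSAGE": "Failed password for root from 1.2.3.4 port 35720 ssh2"}')
# `systemd-cat -t sshd` sets only SYSLOG_IDENTIFIER; journald fills the trusted
# underscore fields from the writing process (assumed: cat in a session scope).
INJECTED = json.loads('{"_SYSTEMD_UNIT": "session-3.scope", "_COMM": "cat", '
    '"SYSLOG_IDENTIFIER": "sshd", '
    '"MESSAGE": "Failed password for root from 1.2.3.4 port 35720 ssh2"}')

if __name__ == "__main__":
    groups = parse_journal_match(JOURNAL_MATCH)
    for name, entry in (("real sshd", REAL_SSHD), ("systemd-cat", INJECTED)):
        print(name, entry_matches(entry, groups), explain(entry, groups))
```

The same message text passes or fails the jail's filter depending only on the underscore-prefixed fields, which journald sets itself and a client such as `systemd-cat` cannot supply.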