How can I have fail2ban log to an external syslog server?

Question

I'm running an Ubuntu 16.04 web server (running Webmin). I also have Graylog running on a separate server on my LAN.

I'd like to have fail2ban log itself to /var/log/fail2ban.log as well as my external syslog server, but I'm not sure how to do this.

In the fail2ban config file, there's an option to change logtarget=/var/log/fail2ban.log to logtarget = SYSLOG, but I'm not sure how to get those outputs over to the other server.

score 0 · Answer 1 · answered Oct 30 '17 at 16:10

0

I believe that Ubuntu uses rsyslog by default. Check out the "imfile" options to read your fail2ban log and set up forwarding.

See a similar question here for details. How to forward specific log file outside of /var/log with rsyslog to remote server?

answered Oct 30 '17 at 16:10

Tim Brigham

15,465
7
72
113

How can I have fail2ban log to an external syslog server?

1 Answers1