Working on a server I just realized that Fail2Ban stopped running yesterday. I attempt to restart it with systemctl and the system behaves as if it started but the process isn’t there. There are no errors in the log either. It just seems to quietly die. OS is Debian 10 and my searches have yielded zip. Anyone out there that can point me in the right direction?
What logs are you looking at?
/var/log: fail2ban.log syslog daemon.log
I even looked through any other logs updated in the same timeframe. I really hate problems that don’t give me anything to go on. So frustrating.
So there nothing useful in journalctl?
Sadly no, not even an indication that I attempted to start it.
sudo systemctl status fail2ban.service
and then inspect the log
sudo journalctl -xe
Finally, decided to reboot the server and finally got an error. Seems that the apache config somehow got changed to point to the old var/log/httpd path. Wierd though that I had to reboot before I could get anything to report in an error. Glad to get it up and running again. Thanks for the suggestions.
I’m not really familiar with systemd, but wouldn’t
sudo journalctl -r -u fail2ban
be more useful?
[edit: derp, spelling]
Honestly, I’m old school *nix. I constantly forget about journalctl and go straight to /var/log.
its fail2ban.service but yeah, thats how you could drill down the logs to see only that service in the logs.