Fail2ban: A missing log file prevents fail2ban from starting on Ubuntu

Created on 31 Oct 2016  路  2Comments  路  Source: fail2ban/fail2ban

Environment:

_Fill out and check ([x]) the boxes which apply. If your Fail2Ban version is outdated,
and you can't verify that the issue persists in the recent release, better seek support
from the distribution you obtained Fail2Ban from_

  • Fail2Ban version (including any possible distribution suffixes): 0.9.3-1
  • OS, including release name/version: Ubuntu 16.04.1 LTS
  • [x] Fail2Ban installed via OS/distribution mechanisms
  • [x] You have not applied any additional foreign patches to the codebase
  • [ ] Some customizations were done to the configuration (provide details below is so)

The issue:

fail2ban does not start.

Steps to reproduce

  • install/setup postfix
  • install fail2ban
  • enable postfix jails
  • try to restart fail2ban
  • error says it cannot open /var/log/mail.warn

Expected behavior

  • server starts and warns once about the missing log file

Observed behavior

Server refuses to start.

Any additional information

Many services do not create all of their log files when getting installed or started. Some systems create their log file only once they actually output the first set of logs, which could take a long time.

Configuration, dump and another helpful excerpts

I add one file under /etc/fail2ban/jail.d/ with the following to enable postfix (postfix is installed prior to adding this to fail2ban):

# Enable the various Postfix rules and add custom parameters
#

[postfix]
enabled  = true
action   = snap-firewall-action[scheme=all,period=year]

[postfix-rbl]
enabled  = true
action   = snap-firewall-action[scheme=all,period=year]

[postfix-sasl]
enabled  = true
action   = snap-firewall-action[scheme=all,period=year]

# vim: syntax=dosini

Any customizations done to /etc/fail2ban/ configuration

No customizations.

Relevant parts of /var/log/fail2ban.log file:

This is the journal for fail2ban. I replaced the hostname with just host.

Oct 31 16:51:59 host systemd[1]: Reloading Fail2Ban Service.
Oct 31 16:51:59 host fail2ban-client[9476]: ERROR  No file(s) found for glob /var/log/mail.warn
Oct 31 16:51:59 host fail2ban-client[9476]: ERROR  Failed during configuration: Have not found any log file for postfix jail
Oct 31 16:51:59 host systemd[1]: fail2ban.service: Control process exited, code=exited status=255
Oct 31 16:51:59 host systemd[1]: Reload failed for Fail2Ban Service.

Relevant lines from monitored log files in question:

This does not apply since the file is missing.

closed-as-duplicate

Most helpful comment

I just got fail2ban installed by creating an empty auth log file.

touch /var/log/auth.log

NAME="Ubuntu"
VERSION="16.04 LTS (Xenial Xerus)"

uname -a
Linux example.com 4.9.58-armada375 #1 SMP Thu Nov 2 14:45:09 CET 2017 armv7l armv7l armv7l GNU/Linux

All 2 comments

Already several times discussed (e. g. #865, etc.).
Conclusion at the moment: don't enable jails, that you do not have (I know that is not really good enough, but...)

The solution should be provided with #1379

I will close this one, just to avoid duplicates.

I just got fail2ban installed by creating an empty auth log file.

touch /var/log/auth.log

NAME="Ubuntu"
VERSION="16.04 LTS (Xenial Xerus)"

uname -a
Linux example.com 4.9.58-armada375 #1 SMP Thu Nov 2 14:45:09 CET 2017 armv7l armv7l armv7l GNU/Linux
Was this page helpful?
0 / 5 - 0 ratings

Related issues

K1LLUM1N471 picture K1LLUM1N471  路  43Comments

Octolus picture Octolus  路  37Comments

Izorkin picture Izorkin  路  28Comments

superpuffin picture superpuffin  路  18Comments

propertunist picture propertunist  路  22Comments