I don't understand, what log level format Fail2ban is expecting, seems to be both...
Basically if I set the log level with a numeric the config is refused and got the error message above,
but if I use string to set the log level (ERROR, WARNING, NOTICE, INFO, DEBUG) everything works properly.
My understanding is that fail2ban is supporting both format in the fail2ban.conf
file but this is not what I'm experiencing.
In /etc/fail2ban/fail2ban.conf set loglevel = 1
I'm expecting to see only the ERROR message showing up in fail2ban.log
On fail2ban-client reload
I got an error message ERROR NOK: ('Invalid log level',)
This is impacting a 3rd party tool (Webmin #742) to setup fail2ban.
Not 100% sure if it's a fail2ban issue or Debian package maintainer issue...
fail2ban config reader is expecting string #657 not sure if it as an impact here...
This config is not working, see loglevel
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
loglevel = 1
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
#
logtarget = /var/log/fail2ban.log
# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
# auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ] Default: auto
syslogsocket = auto
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400
This config is working properly
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
loglevel = INFO
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
#
logtarget = /var/log/fail2ban.log
# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
# auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ] Default: auto
syslogsocket = auto
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400
When loglevel is set to *1 *
2017-12-27 06:50:02,125 fail2ban.jail [8231]: INFO Jail 'libwww-perl' stopped
2017-12-27 06:50:02,630 fail2ban.jail [8231]: INFO Jail 'apache-auth' stopped
2017-12-27 06:50:02,957 fail2ban.jail [8231]: INFO Jail 'apache-noscript' stopped
2017-12-27 06:50:03,879 fail2ban.jail [8231]: INFO Jail 'WebServerScanner' stopped
2017-12-27 06:50:04,344 fail2ban.jail [8231]: INFO Jail 'pass2allow-ftp' stopped
2017-12-27 06:50:05,180 fail2ban.jail [8231]: INFO Jail 'php-url-fopen' stopped
2017-12-27 06:50:05,183 fail2ban.transmitter [8231]: WARNING Command ['set', 'loglevel', '1'] has failed. Received ValueError('Invalid log level',)
2017-12-27 06:50:05,186 fail2ban.server [8231]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2017-12-27 06:50:05,187 fail2ban.jail [8231]: INFO Creating new jail 'sshd-ddos'
2017-12-27 06:50:05,188 fail2ban.jail [8231]: INFO Jail 'sshd-ddos' uses pyinotify {}
2017-12-27 06:50:05,206 fail2ban.jail [8231]: INFO Initiated 'pyinotify' backend
2017-12-27 06:50:05,209 fail2ban.actions [8231]: INFO Set banTime = 60000
2017-12-27 06:50:05,210 fail2ban.filter [8231]: INFO Set jail log file encoding to UTF-8
2017-12-27 06:50:05,213 fail2ban.filter [8231]: INFO Set findtime = 600
2017-12-27 06:50:05,216 fail2ban.filter [8231]: INFO Added logfile = /var/log/auth.log
When log level is set to INFO
2017-12-27 06:55:42,222 fail2ban.jail [8231]: INFO Jail 'libwww-perl' stopped
2017-12-27 06:55:43,128 fail2ban.jail [8231]: INFO Jail 'apache-auth' stopped
2017-12-27 06:55:43,422 fail2ban.jail [8231]: INFO Jail 'apache-noscript' stopped
2017-12-27 06:55:44,296 fail2ban.jail [8231]: INFO Jail 'WebServerScanner' stopped
2017-12-27 06:55:44,857 fail2ban.jail [8231]: INFO Jail 'pass2allow-ftp' stopped
2017-12-27 06:55:45,353 fail2ban.jail [8231]: INFO Jail 'php-url-fopen' stopped
2017-12-27 06:55:45,362 fail2ban.server [8231]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2017-12-27 06:55:45,367 fail2ban.jail [8231]: INFO Creating new jail 'sshd-ddos'
2017-12-27 06:55:45,368 fail2ban.jail [8231]: INFO Jail 'sshd-ddos' uses pyinotify {}
2017-12-27 06:55:45,386 fail2ban.jail [8231]: INFO Initiated 'pyinotify' backend
2017-12-27 06:55:45,391 fail2ban.filter [8231]: INFO Set findtime = 600
2017-12-27 06:55:45,396 fail2ban.filter [8231]: INFO Added logfile = /var/log/auth.log
Thanks for any input
Kind regards
Matth
Since v.0.10 you can use both forms of log-level (so numeric also).
BTW. Value of 1 would be thereby very-heavy-debug level.
For corresponding numeric values see Logging Levels in python documentation.
Duplicate of #1968
@sebres ,
Just to clarify how things are done in term of setting the logs level.
my understanding is
< 0.8.x : set log level using numeric only
0.9.x : set log level using string only
> 0.10 : Set log level with both numeric and string
I'm I right with this statement ?
Thanks for the clarifications
Matth
\< 0.8.x : set log level using numeric only
It looks indeed so, but according to the code it was another "numeric" [0..3].
Now the numeric values are the same values as python-logging expects it.
OK, then it would be summarized like this:
< 0.8.x : set log level using numeric only [ 0...3]
0.9.x : set log level using string only
> 0.10 : Set log level with both numeric and string (python log level)
_Source:_
< 0.8.x
https://github.com/fail2ban/fail2ban/blob/0.8/server/server.py#L321
0.9.x
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/client/fail2banreader.py
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/server/server.py#L#316
> 0.10
https://github.com/fail2ban/fail2ban/issues/1968
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/server/server.py#L#529
Matth
Most helpful comment
Since v.0.10 you can use both forms of log-level (so numeric also).
BTW. Value of 1 would be thereby very-heavy-debug level.
For corresponding numeric values see Logging Levels in python documentation.
Duplicate of #1968