Using WP fail2ban with systemd logging

  • Resolved rhodie

    (@rhodie)


    5 years ago

    Can you help with configuring fail2ban for systemd logging? I can see that wp-fail2ban is adding lines that are visible with journalctl, but fail2ban isn’t picking them up.

    My config in jail.local:

    [wordpress-hard]
enabled = true
filter = wordpress-hard
maxretry = 1
port = http,https
backend = systemd

    The wp-fail2ban journal lines look like this:
    Mar 05 21:55:26 SERVER.FQDN wordpress(VIRTUAL.FQDN)[246821]: Authentication attempt for unknown user USERNAME from IP_ADDRESS

    fail2ban-regex does match that line against the wordpress-hard filter.

    The weird thing is that the phpMyAdmin configuration is basically identical but fail2ban picks up the phpMyAdmin lines from the journal.

    • This topic was modified 5 years ago by rhodie. Reason: format code
Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Using WP fail2ban with systemd logging’ is closed to new replies.