Log fail2ban Messages to Syslog

With quite a few servers accepting SSH connections and protecting themselves using fail2ban, you very quickly recognize one thing: it makes a lot of sense to centralize fail2ban reporting using syslog.

To update fail2ban logging. you need to edit the /etc/fail2ban/fail2ban.conf file and replace this:

logtarget /var/log/fail2ban.log

with this:

logtarget = SYSLOG

Here’s how my section looks when I’m editing a file with vim:

Restart fail2ban service and enjoy:

root@s7:/var/log # systemctl reload fail2ban

See Also

• Project: Centralised RSyslog
• Colourised syslogs with grc
• Log RSyslog streams into separate files by source hostname
• Unit Tutorial Projects