Check Fail2ban Status
# Service status
sudo systemctl status fail2ban
# Jail status
sudo fail2ban-client status
# Specific jail status
sudo fail2ban-client status sshd
# Current bans
sudo fail2ban-client banned
Verify Jail is Enabled
# Edit jail.local, not jail.conf (jail.conf is overwritten on package updates)
sudo nano /etc/fail2ban/jail.local
# Example for SSH
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
findtime = 600
Restart after changes:
sudo systemctl restart fail2ban
Check Log Paths
Fail2ban reads specific log files. Verify that they exist and have the correct permissions:
# Debian/Ubuntu
ls -la /var/log/auth.log
# CentOS/RHEL
ls -la /var/log/secure
# Journal based (for systemd)
sudo journalctl -u sshd -f
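Update jail.local with the correct logpath. On journal-only systems, where neither file exists, the jail needs backend = systemd instead of a logpath.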
Test Filter Regex
# Test if fail2ban can match failures
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
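# Create a test failure
# (failures from localhost are normally skipped by ignoreself/ignoreip, so expect a log entry rather than a ban)
ssh nonexistent@localhost
# Then check whether fail2ban detects it (re-run fail2ban-regex above or watch /var/log/fail2ban.log)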
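The jail settings above (maxretry = 3, findtime = 600) explain a common result of this test: fail2ban-regex reports matches, yet no ban follows because the failures are spread over more than findtime seconds. The following added example (not part of the original guide or of Fail2ban's code) is a simplified Python model of that counting; the regex is a stand-in for the sshd filter, and the log lines, the simulate function and the assumed year are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for one sshd failregex pattern (assumption: the shipped
# /etc/fail2ban/filter.d/sshd.conf contains many more patterns than this).
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed auth.log lines using documentation-range addresses.
SAMPLE_LOG = """\
Jan 10 10:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 10 10:00:05 web1 sshd[1002]: Accepted password for alice from 192.0.2.5 port 51000 ssh2
Jan 10 10:00:40 web1 sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Jan 10 10:01:00 web1 sshd[1004]: Failed password for bob from 198.51.100.20 port 42000 ssh2
Jan 10 10:01:30 web1 sshd[1005]: Failed password for root from 203.0.113.7 port 40041 ssh2
Jan 10 10:09:00 web1 sshd[1006]: Failed password for bob from 198.51.100.20 port 42010 ssh2
Jan 10 10:20:00 web1 sshd[1007]: Failed password for bob from 198.51.100.20 port 42020 ssh2
"""


def simulate(log_text, maxretry=3, findtime=600, year=2024):
    """Return {ip: datetime of the failure that triggers the ban}.

    Simplified sliding-window model: a host is banned once `maxretry`
    matching failures fall within `findtime` seconds. Syslog timestamps
    carry no year, so `year` is an assumed value.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = {}
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if not match:
            continue              # e.g. "Accepted password" lines are not failures
        ip = match.group("host")
        if ip in banned:
            continue
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # failure is older than findtime, forget it
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in simulate(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

With the page's values only 203.0.113.7 is banned; 198.51.100.20 produces three matching failures but never three within 600 seconds, which is the case to rule out before suspecting the filter or the action.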
Check Ban Action
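The action may be misconfigured or not installed:
# Test an iptables ban manually (replace BAD_IP; recent fail2ban releases name the chain f2b-sshd instead)
sudo iptables -I fail2ban-sshd -s BAD_IP -j DROP
# List the actions configured for the jail
sudo fail2ban-client get sshd actions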
Resolve Log Rotation Issues
After log rotation, fail2ban may stop reading the log:
sudo systemctl restart fail2ban
Add to logrotate config:
# /etc/logrotate.d/rsyslog
postrotate
systemctl restart fail2ban
endscript
Increase Log Level for Debugging
# /etc/fail2ban/fail2ban.local
[Definition]
loglevel = DEBUG
Restart and follow the log:
sudo systemctl restart fail2ban
sudo tail -f /var/log/fail2ban.log