Fail2ban logs not showing up

bit confused as to how to use the fail2ban content pack, very new to GreyLog.

Ive watched videos, and read the help files on GreyLog website, but can’t find the right info I need to understand how to set this up correctly.but content does not help

Ive installed it all ok, I’ve added

logtarget = SYSLOG
to jail.local to direct the logs to the syslog for collection, as directed in another post

I have added the following to /etc/rsyslog.conf

. @:1514;RSYSLOG_SyslogProtocol23Format
. @@:1514;RSYSLOG_SyslogProtocol23Format

And tcp and udp messages are present when checking show received messages.

Firewall setup ok, selinux temporary in permissive mode.

Im doing something wrong, but don’t know what, I also don’t know hoe to use the grok_patterns in the entity list.

Can someone point me in the correct direction, current version being used is Greylog 4.0

Thanks, Ollie

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.