# tail -f /var/log/fail2ban.log
2013-03-18 23:46:53,810 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.8
2013-03-18 23:46:53,812 fail2ban.comm : DEBUG Command: ['add', 'ssh-iptables', 'auto']
2013-03-18 23:46:53,812 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2013-03-18 23:46:53,813 fail2ban.jail : DEBUG Backend 'pyinotify' failed to initialize due to No module named pyinotify
2013-03-18 23:46:53,813 fail2ban.jail : DEBUG Backend 'gamin' failed to initialize due to No module named gamin
2013-03-18 23:46:53,813 fail2ban.jail : INFO Jail 'ssh-iptables' uses poller
2013-03-18 23:46:53,843 fail2ban.filter : DEBUG Setting usedns = warn for FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,867 fail2ban.filter : DEBUG Created FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,867 fail2ban.filter : DEBUG Created FilterPoll
2013-03-18 23:46:53,867 fail2ban.jail : INFO Initiated 'polling' backend
2013-03-18 23:46:53,869 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'usedns', 'no']
2013-03-18 23:46:53,869 fail2ban.filter : DEBUG Setting usedns = no for FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,870 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addlogpath', '/var/log/sshd.log']
2013-03-18 23:46:53,871 fail2ban.filter : INFO Added logfile = /var/log/sshd.log
2013-03-18 23:46:53,872 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'maxretry', '3']
2013-03-18 23:46:53,872 fail2ban.filter : INFO Set maxRetry = 3
2013-03-18 23:46:53,873 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8']
2013-03-18 23:46:53,873 fail2ban.filter : DEBUG Add 127.0.0.1/8 to ignore list
2013-03-18 23:46:53,874 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'findtime', '600']
2013-03-18 23:46:53,875 fail2ban.filter : INFO Set findtime = 600
2013-03-18 23:46:53,877 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'bantime', '600']
2013-03-18 23:46:53,878 fail2ban.actions: INFO Set banTime = 600
2013-03-18 23:46:53,879 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$']
2013-03-18 23:46:53,889 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
2013-03-18 23:46:53,900 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?\\s*$']
2013-03-18 23:46:53,911 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
2013-03-18 23:46:53,921 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
2013-03-18 23:46:53,931 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers\\s*$']
2013-03-18 23:46:53,942 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because listed in DenyUsers\\s*$']
2013-03-18 23:46:53,953 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:pam_unix\\(sshd:auth\\):\\s)?authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$']
2013-03-18 23:46:53,966 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
2013-03-18 23:46:53,977 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', "^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
2013-03-18 23:46:53,989 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addaction', 'iptables']
2013-03-18 23:46:53,990 fail2ban.actions.action: DEBUG Created Action
2013-03-18 23:46:53,991 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2013-03-18 23:46:53,991 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2013-03-18 23:46:53,992 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2013-03-18 23:46:53,993 fail2ban.actions.action: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2013-03-18 23:46:53,994 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
2013-03-18 23:46:53,994 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
2013-03-18 23:46:53,995 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2013-03-18 23:46:53,996 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2013-03-18 23:46:53,997 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
2013-03-18 23:46:53,997 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
2013-03-18 23:46:53,998 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
2013-03-18 23:46:54,000 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
2013-03-18 23:46:54,001 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']
2013-03-18 23:46:54,002 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']
2013-03-18 23:46:54,003 fail2ban.comm : DEBUG Command: ['add', 'proftpd-iptables', 'auto']
2013-03-18 23:46:54,003 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2013-03-18 23:46:54,004 fail2ban.jail : DEBUG Backend 'pyinotify' failed to initialize due to No module named pyinotify
2013-03-18 23:46:54,004 fail2ban.jail : DEBUG Backend 'gamin' failed to initialize due to No module named gamin
2013-03-18 23:46:54,005 fail2ban.jail : INFO Jail 'proftpd-iptables' uses poller
2013-03-18 23:46:54,005 fail2ban.filter : DEBUG Setting usedns = warn for FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,006 fail2ban.filter : DEBUG Created FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,007 fail2ban.filter : DEBUG Created FilterPoll
2013-03-18 23:46:54,007 fail2ban.jail : INFO Initiated 'polling' backend
2013-03-18 23:46:54,008 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'usedns', 'no']
2013-03-18 23:46:54,008 fail2ban.filter : DEBUG Setting usedns = no for FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,009 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addlogpath', '/var/log/proftpd/auth.log']
2013-03-18 23:46:54,010 fail2ban.filter : INFO Added logfile = /var/log/proftpd/auth.log
2013-03-18 23:46:54,011 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'maxretry', '6']
2013-03-18 23:46:54,012 fail2ban.filter : INFO Set maxRetry = 6
2013-03-18 23:46:54,013 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addignoreip', '127.0.0.1/8']
2013-03-18 23:46:54,013 fail2ban.filter : DEBUG Add 127.0.0.1/8 to ignore list
2013-03-18 23:46:54,014 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'findtime', '600']
2013-03-18 23:46:54,014 fail2ban.filter : INFO Set findtime = 600
2013-03-18 23:46:54,015 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'bantime', '600']
2013-03-18 23:46:54,016 fail2ban.actions: INFO Set banTime = 600
2013-03-18 23:46:54,017 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+: no such user found from \\S+ \\[\\S+\\] to \\S+:\\S+ *$']
2013-03-18 23:46:54,021 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+ \\(Login failed\\): .*$']
2013-03-18 23:46:54,025 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ SECURITY VIOLATION: \\S+ login attempted\\. *$']
2013-03-18 23:46:54,029 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ Maximum login attempts \\(\\d+\\) exceeded *$']
2013-03-18 23:46:54,033 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addaction', 'iptables']
2013-03-18 23:46:54,034 fail2ban.actions.action: DEBUG Created Action
2013-03-18 23:46:54,035 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2013-03-18 23:46:54,035 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2013-03-18 23:46:54,036 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2013-03-18 23:46:54,037 fail2ban.actions.action: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2013-03-18 23:46:54,038 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
2013-03-18 23:46:54,038 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
2013-03-18 23:46:54,040 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2013-03-18 23:46:54,040 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2013-03-18 23:46:54,041 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
2013-03-18 23:46:54,041 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
2013-03-18 23:46:54,042 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
2013-03-18 23:46:54,044 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'name', 'ProFTPD']
2013-03-18 23:46:54,045 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']
2013-03-18 23:46:54,046 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'port', 'ftp']
2013-03-18 23:46:54,047 fail2ban.comm : DEBUG Command: ['start', 'ssh-iptables']
2013-03-18 23:46:54,048 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:46:54,049 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:46:54,049 fail2ban.jail : INFO Jail 'ssh-iptables' started
2013-03-18 23:46:54,050 fail2ban.actions.action: DEBUG iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH
2013-03-18 23:46:54,053 fail2ban.comm : DEBUG Command: ['start', 'proftpd-iptables']
2013-03-18 23:46:54,054 fail2ban.filter : DEBUG /var/log/proftpd/auth.log has been modified
2013-03-18 23:46:54,055 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:46:54,058 fail2ban.actions.action: DEBUG iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD
2013-03-18 23:46:54,058 fail2ban.jail : INFO Jail 'proftpd-iptables' started
2013-03-18 23:46:54,096 fail2ban.actions.action: DEBUG iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned successfully
2013-03-18 23:46:54,112 fail2ban.actions.action: DEBUG iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD returned successfully
2013-03-18 23:47:23,083 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:23,111 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:24,112 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:24,114 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:26,117 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:26,118 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:27,120 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:27,123 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:28,124 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:28,126 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:30,129 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:30,131 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:31,132 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:31,135 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:33,138 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:33,139 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:35,142 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:35,144 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:36,145 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:36,148 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:37,150 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:37,151 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:39,153 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:39,155 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:40,157 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:40,159 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:41,161 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:41,162 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:43,165 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:43,167 fail2ban.filter.datedetector: DEBUG Sorting the template list
Add a code snippet to your website: www.paste.org