mhammett

Fail2Ban Send E-mail Debug

Apr 26th, 2020
2020-04-26 15:55:51,122 fail2ban.server [23775]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2020-04-26 15:55:51,124 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3']
2020-04-26 15:55:51,125 fail2ban.database [23775]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-04-26 15:55:51,131 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'dbpurgeage', '86400']
2020-04-26 15:55:51,133 fail2ban.transmitter [23775]: DEBUG Command: ['add', 'sshd', 'auto']
2020-04-26 15:55:51,134 fail2ban.jail [23775]: INFO Creating new jail 'sshd'
2020-04-26 15:55:51,283 fail2ban.jail [23775]: INFO Jail 'sshd' uses pyinotify {}
2020-04-26 15:55:51,284 fail2ban.filter [23775]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-04-26 15:55:51,413 fail2ban.filter [23775]: DEBUG Created FilterPyinotify(Jail('sshd'))
2020-04-26 15:55:51,414 fail2ban.filterpyinotify[23775]: DEBUG Created FilterPyinotify
2020-04-26 15:55:51,415 fail2ban.jail [23775]: INFO Initiated 'pyinotify' backend
2020-04-26 15:55:51,419 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'usedns', 'warn']
2020-04-26 15:55:51,420 fail2ban.filter [23775]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-04-26 15:55:51,422 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addlogpath', '/var/log/secure', 'head']
2020-04-26 15:55:51,424 fail2ban.filter [23775]: INFO Added logfile = /var/log/secure
2020-04-26 15:55:51,425 fail2ban.filterpyinotify[23775]: DEBUG Added monitor for the parent directory /var/log
2020-04-26 15:55:51,426 fail2ban.filterpyinotify[23775]: DEBUG Added file watcher for /var/log/secure
2020-04-26 15:55:51,428 fail2ban.datedetector [23775]: DEBUG Sorting the template list
2020-04-26 15:55:51,429 fail2ban.datedetector [23775]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
2020-04-26 15:55:51,431 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'maxretry', '5']
2020-04-26 15:55:51,432 fail2ban.filter [23775]: INFO Set maxRetry = 5
2020-04-26 15:55:51,434 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addignoreip', '65.182.164.0/23']
2020-04-26 15:55:51,435 fail2ban.filter [23775]: DEBUG Add 65.182.164.0/23 to ignore list
2020-04-26 15:55:51,437 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'logencoding', 'auto']
2020-04-26 15:55:51,438 fail2ban.filter [23775]: INFO Set jail log file encoding to UTF-8
2020-04-26 15:55:51,440 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'bantime', '2592000']
2020-04-26 15:55:51,441 fail2ban.actions [23775]: INFO Set banTime = 2592000
2020-04-26 15:55:51,443 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'ignorecommand', '']
2020-04-26 15:55:51,445 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'findtime', '2592000']
2020-04-26 15:55:51,446 fail2ban.filter [23775]: INFO Set findtime = 2592000
2020-04-26 15:55:51,448 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'maxlines', '10']
2020-04-26 15:55:51,449 fail2ban.filter [23775]: INFO Set maxlines = 10
2020-04-26 15:55:51,451 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,471 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,492 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,519 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,544 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,573 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,604 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,638 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,677 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,718 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,765 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,817 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', "^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:51,875 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
2020-04-26 15:55:51,942 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
2020-04-26 15:55:52,017 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
2020-04-26 15:55:52,101 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:52,193 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
2020-04-26 15:55:52,293 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addjournalmatch', '_SYSTEMD_UNIT=sshd.service', '+', '_COMM=sshd']
2020-04-26 15:55:52,294 fail2ban.server [23775]: INFO Jail sshd is not a JournalFilter instance
2020-04-26 15:55:52,296 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addaction', 'apf']
2020-04-26 15:55:52,297 fail2ban.CommandAction [23775]: DEBUG Set action apf timeout = 60
2020-04-26 15:55:52,297 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
2020-04-26 15:55:52,298 fail2ban.CommandAction [23775]: DEBUG Set actionban =
2020-04-26 15:55:52,299 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
2020-04-26 15:55:52,299 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
2020-04-26 15:55:52,300 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
2020-04-26 15:55:52,300 fail2ban.CommandAction [23775]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-04-26 15:55:52,303 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionban', '/usr/local/sbin/apf --deny <ip> "banned by Fail2Ban <name>"']
2020-04-26 15:55:52,303 fail2ban.CommandAction [23775]: DEBUG Set actionban = /usr/local/sbin/apf --deny <ip> "banned by Fail2Ban <name>"
2020-04-26 15:55:52,306 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionstop', '']
2020-04-26 15:55:52,307 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
2020-04-26 15:55:52,309 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionstart', '']
2020-04-26 15:55:52,309 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
2020-04-26 15:55:52,312 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionunban', '/usr/local/sbin/apf --remove <ip>']
2020-04-26 15:55:52,312 fail2ban.CommandAction [23775]: DEBUG Set actionunban = /usr/local/sbin/apf --remove <ip>
2020-04-26 15:55:52,315 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actioncheck', '']
2020-04-26 15:55:52,315 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
2020-04-26 15:55:52,318 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'known/name', 'default']
2020-04-26 15:55:52,320 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'protocol', 'tcp']
2020-04-26 15:55:52,323 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'name', 'sshd']
2020-04-26 15:55:52,325 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addaction', 'sendmail-whois-lines']
2020-04-26 15:55:52,326 fail2ban.CommandAction [23775]: DEBUG Set action sendmail-whois-lines timeout = 60
2020-04-26 15:55:52,326 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
2020-04-26 15:55:52,327 fail2ban.CommandAction [23775]: DEBUG Set actionban =
2020-04-26 15:55:52,327 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
2020-04-26 15:55:52,328 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
2020-04-26 15:55:52,329 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
2020-04-26 15:55:52,329 fail2ban.CommandAction [23775]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-04-26 15:55:52,332 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionban', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\n$
2020-04-26 15:55:52,332 fail2ban.CommandAction [23775]: DEBUG Set actionban = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <name>.\n\n
Here is more information about <ip> :\n
`/usr/bin/whois <ip> || echo missing whois program`\n\n
Lines containing IP:<ip> in <logpath>\n
`grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2020-04-26 15:55:52,337 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstop', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate:$
2020-04-26 15:55:52,338 fail2ban.CommandAction [23775]: DEBUG Set actionstop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2020-04-26 15:55:52,341 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstart', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate$
2020-04-26 15:55:52,342 fail2ban.CommandAction [23775]: DEBUG Set actionstart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
From: <sendername> <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
2020-04-26 15:55:52,345 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionunban', '']
2020-04-26 15:55:52,346 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
2020-04-26 15:55:52,348 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actioncheck', '']
2020-04-26 15:55:52,349 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
2020-04-26 15:55:52,351 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/sendername', 'Fail2Ban']
2020-04-26 15:55:52,354 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/grepopts', '-m 1000']
2020-04-26 15:55:52,356 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'sender', 'admin@ics-il.net']
2020-04-26 15:55:52,359 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/sender', 'admin@ics-il.net']
2020-04-26 15:55:52,361 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'dest', 'admin@ics-il.net']
2020-04-26 15:55:52,364 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/dest', 'admin@ics-il.net']
2020-04-26 15:55:52,367 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/__name__', 'Init']
2020-04-26 15:55:52,369 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'logpath', '/var/log/secure']
2020-04-26 15:55:52,372 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/dest', 'admin@ics-il.net']
2020-04-26 15:55:52,374 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/sender', 'admin@ics-il.net']
2020-04-26 15:55:52,377 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'grepopts', '-m 1000']
2020-04-26 15:55:52,381 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/name', 'default']
2020-04-26 15:55:52,384 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/logpath', '/dev/null']
2020-04-26 15:55:52,387 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/sendername', 'Fail2Ban']
2020-04-26 15:55:52,390 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/__name__', 'Init']
2020-04-26 15:55:52,393 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'sendername', 'Fail2Ban']
2020-04-26 15:55:52,396 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'name', 'sshd']
2020-04-26 15:55:52,398 fail2ban.transmitter [23775]: DEBUG Command: ['start', 'sshd']
2020-04-26 15:55:52,405 fail2ban.filterpyinotify[23775]: DEBUG pyinotifier started for sshd.
2020-04-26 15:55:52,406 fail2ban.action [23775]: DEBUG
2020-04-26 15:55:52,408 fail2ban.filterpyinotify[23775]: DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/secure pathname=/var/log/secure wd=2 >
2020-04-26 15:55:52,409 fail2ban.action [23775]: DEBUG Nothing to do
2020-04-26 15:55:52,415 fail2ban.action [23775]: DEBUG printf %b "Subject: [Fail2Ban] sshd: started on `uname -n`
Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
From: Fail2Ban <admin@ics-il.net>
To: admin@ics-il.net\n
Hi,\n
The jail sshd has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f admin@ics-il.net admin@ics-il.net