should resolve #1407

Several issues refer to Have not found any log file, in relation to "prevent to start fail2ban service" are partially fixed in #1619

What version was this merged in? Specificity the 1407 (Related to log files having dates in the name).

Thanks
Eadthem

What version was this merged in?

Nowhere. It's an issue. I should still finish it. Just persistently no time...
And it is a pre-requirement for 1407, that as you can see is still open also.

@sebres Should Fail2ban v0.9.7-2 accept multiline logpaths?

logpath  = %(apache_error_log)s
           /home/*/website/log/*error.log

it says

$ fail2ban-client reload apache-combined
ERROR  Error in action definition sendmail-geoip-lines[name=apache-combined, sender="webmaster@agrya.hu", dest="admin@szepe.net", logpath="/var/log/apache2/*error.log
ERROR  Errors in jail 'apache-combined'. Skipping...

Fail2ban self does it... it looks rather as an issue of ConfigReader's and/or ExtractOptions (by supplying to the action "sendmail-geoip-lines").
Currently I don't know which versions are affected (0.9 is too old, so it could be fixed in-between).

The alternative for you which could work - switch to another action (e. g. that using <matches> info instead of the log-files).

Thank you.

yw

using <matches> info instead of the log-files

Oh, forgotten that we had a grave issue with not proper "escaped" <matches> - #1726 (fixed for >= 0.10), so be carefully with that in 0.9.

Thank you.

So

GET /`rm -rf /`

could destroy servers of my clients?

Not this way directly, but we don't want to provide here any advices for script-kiddis :)
But I have one advice for you - just upgrade your fail2ban and relax.

This issue is really annoying. I try to provision fail2ban jail.d using a CMDB, based on which packages are installed.
Example: I got a lot of VMs that have apache2 and nginx installed and using the CMDB, the host decides which one is used. In my CMDB I deploy both jails but one will fail on fresh hosts, as the log won't exist.
I can touch the log files but that is just a workaround.

Maybe it would be good idea to add an option in fail2ban, that allows silent fails for jails. Currently fail2ban crashs if something is wrong (which is fine to allow monitoring tools to notify the admin).
With on option, the admin can decide what he wants:
a) Crash as a whole to show something is not working correctly.
b) Keep running without jails that failed and just warn in log.

Currently this is a blocker for me, is there any chance to make this configurable soon?

want to try install fail2ban manually on ubuntu 20 server... it fails with this

Hello Chuck! Willkommen zu Fail2Ban!

Solved with systemd in jail.conf. Works great, thanks

Still an issue re: #2756

Using emptylog as a workaround:

[jail]
logpath = %(known/logpath)s
          /etc/fail2ban/emptylog

I run it on a self-made server, ubuntu server 22.04.04(LTS) and after trying to insert the 403 error message giver of here, the service complains over the lacking log file for the selinux-ssh jail.

Already tried all the options given here, with the error persisting through purges and installing again afterwards.

Kinda unsure on what to do here.

I run it on a self-made server, ubuntu server 22.04.04(LTS) and after trying to insert the 403 error message giver of here, the service complains over the lacking log file for the selinux-ssh jail.

The mentioned description doesn't speak about selinux-ssh jail at all (it is rather about new jail httpd-forbidden).

Either check the jail selinux-ssh (set proper logpath or backend = systemd if it is logging to systemd-journal) or in worse case disable this jail if you don't have it.

The mentioned description doesn't speak about selinux-ssh jail at all (it is rather about new jail httpd-forbidden).

Ye, I know, personally find it rather weird that that file complains.

Either check the jail selinux-ssh (set proper logpath or backend = systemd if it is logging to systemd-journal) or in worse case disable this jail if you don't have it.

Checked selinux-ssh.conf and it doesn't seem to have either a logpath or backend inside.
Exact error code is [67789]: ERROR Failed during configuration: Have not found any log file for selinux-ssh jail, if that helps

Checked selinux-ssh.conf and it doesn't seem to have either a logpath or backend inside.

Well every local jail-configuration (no matter in jail.local or jail.d/*.conf) overwrites default configuration jail.conf,
which contains:

The default backend and logpath (or here the value of auditd_log) is a matter of maintainer of fail2ban for your distribution.
If they not correct (outdated) for some reason, one needs to overwrite them by oneself (if one enables a jail).
Normally no one jail should be enabled by default, but (who knows) again it may be in some maintainer patches for that distro.

To check what is configured, one can also use:

# dump config:
fail2ban-client -d
# or pretty dump:
fail2ban-client --dp

Fail2Ban_Dump.txt
Did that, it actually seems that all of the log files are missing and the selinux jail was just the first to trigger the error.
Is there a way to regenerate the log file(s) or deleting whatever is currently not allowing them to be recreated so the purge+reinstall process can do that?

Fail2ban doesn't have currently any possibility to detect which services are active or not and to enable corresponding jails fully automatically.

Don't enable all jails (do it only for jails you need for services you really have).
Don't set enabled = true for default section - it'd again enable all jails.
Silencing the errors by creating of empty log-files is wrong way - neither it is good practice, nor it'd really protect everything:
such jails will never find any failure, if service logs to different logpath for some reason (logpath is wrong) or service logs to systemd journal but jail monitors log-file yet (backend is wrong), but would consume system resources (so the extra load is unnecessary).
More about in https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration
This is the way.