Ubuntu 22.04 LTS – Fail2ban not banning due to wrong log path – Fix & Prevention

📖 ~1 min read

Table of contents

1. Symptom & Impact
2. Environment & Reproduction
3. Root Cause Analysis
4. Quick Triage
5. Step-by-Step Diagnosis
6. Solution – Primary Fix
7. Solution – Alternative Approaches
8. Verification & Acceptance Criteria
9. Rollback Plan
10. Prevention & Hardening
11. Related Errors & Cross-Refs
12. References & Further Reading

Symptom & Impact

Repeated attack attempts continue because IP bans are not applied.

Environment & Reproduction

Often occurs after switching between auth.log and journal backend.

Root Cause Analysis

Jail logpath/backend settings do not match actual authentication log source.

Quick Triage

Inspect active jail config and backend mode.

Step-by-Step Diagnosis

Compare jail overrides with available log files and journal entries.

Solution – Primary Fix

Set correct backend/logpath and restart fail2ban.

Solution – Alternative Approaches

Use systemd backend when logs are not written to auth.log.

Verification & Acceptance Criteria

Bans appear after failed login attempts.

Rollback Plan

Revert jail.local to prior known-good configuration.

Prevention & Hardening

Test jail behavior after logging stack or SSH config changes.

Related Errors & Cross-Refs

Related to wrong bantime settings and disabled sshd jail.

Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.

View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu fail2ban and SSH brute-force mitigation docs.