See subject, syslog won't log anything with a dot ('.') in the prog name:

[helmut@BSDHelmut ~]$ logger -p daemon.info -t fail2ban.jail -s Test Message
fail2ban.jail 31238 - - Test Message
[helmut@BSDHelmut ~]$ sudo grep -r 'fail2ban\.jail' /var/log/daemon.log
[helmut@BSDHelmut ~]$ logger -p daemon.info -t fail2ban_jail -s Test Message
fail2ban_jail 30761 - - Test Message
[helmut@BSDHelmut ~]$ sudo grep -r 'fail2ban_jail' /var/log/daemon.log
Jan 12 22:07:52 BSDHelmut fail2ban_jail[30761]: Test Message
[helmut@BSDHelmut ~]$ uname -a
FreeBSD BSDHelmut.charlieroot.de 12.2-RELEASE-p10 FreeBSD 12.2-RELEASE-p10 12803d8a9(releng/12.2) GENERIC-PF-ALTQ amd64
[helmut@BSDHelmut ~]$

Unfortunately applications like fail2ban use a dot in the prog name:
fail2ban.actions,fail2ban.database,fail2ban.filter,fail2ban.jail,fail2ban.utils

Works for me on main:

markj@nuc> logger -p daemon.info -t fail2ban.jail -s Test Message
fail2ban.jail 29173 - - Test Message
markj@nuc> tail -n 1 /var/log/daemon.log
Jan 13 10:09:50 nuc fail2ban.jail[29173]: Test Message

It might be a syslogd bug that has since been fixed, or a configuration problem. Running syslogd in the foreground with -d -F might provide some clues.

[helmut@BSDHelmut ~]$ sudo cat /etc/syslog.d/30-daemon.conf
!-fail2ban,fail2ban.actions,fail2ban.database,fail2ban.filter,fail2ban.jail,fail2ban.utils
daemon.* /var/log/daemon.log
[helmut@BSDHelmut ~]$ sudo cat /etc/syslog.d/40-fail2ban.conf
!fail2ban,fail2ban.actions,fail2ban.database,fail2ban.filter,fail2ban.jail,fail2ban.utils
*.* /var/log/fail2ban.log
[helmut@BSDHelmut ~]$

received sa_len = 16
logmsg: pri 35, flags 0, from BSDHelmut, msg fail2ban.actions[98772]: NOTICE [fail2ban] Restore Ban xx.yy.zz.138
Logging to FILE /var/log/messages
Logging to FILE /var/log/all.log
Logging to FILE /var/log/daemon.log
received sa_len = 16

From syslog.conf(5):

A program specification is a line beginning with `#!prog' or `!prog' (the former is for compatibility with the previous syslogd, if one is sharing syslog.conf files, for example) and the following blocks will be associated with calls to syslog(3) from that specific program. A program specification for `foo' will also match any message logged by the kernel with the prefix `foo: '. The `#!+prog' or `!+prog' specification works just like the previous one, and the `#!-prog' or `!-prog' specification will match any message but the ones from that program. Multiple programs may be listed, separated by commas: `!prog1,prog2' matches messages from either program, while `!-prog1,prog2' matches all messages but those from `prog1' or `prog2'.

This seems to fail with a prog with a '.' in its name though it works fine (here) with progs without a '.' in the name:

[helmut@BSDHelmut ~]$ cat /etc/syslog.d/30-daemon.conf
!-fail2ban,fail2ban.actions,fail2ban.database,fail2ban.filter,fail2ban.jail,fail2ban.utils,openvpn
daemon.* /var/log/daemon.log
[helmut@BSDHelmut ~]$ cat /etc/syslog.d/40-openvpn.conf
!openvpn
*.* /var/log/openvpn.log
[helmut@BSDHelmut ~]$

logmsg: pri 35, flags 0, from BSDHelmut, msg config = '/usr/local/etc/openvpn/server-charlieroot.de.conf'
Logging to FILE /var/log/messages
Logging to FILE /var/log/all.log
Logging to FILE /var/log/openvpn.log
received sa_len = 16

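The routing that the quoted syslog.conf(5) text prescribes for the two fail2ban files above can be worked out with a small model, for comparison with the `Logging to FILE` lines in the debug output. This is an added example, not part of the original comments and not syslogd code; the names `F2B`, `CONFIGS`, `parse` and `destinations` are hypothetical, selectors are matched on facility only, and each file is assumed to start with no program filter in effect.

```python
# Model of the program-specification rules quoted from syslog.conf(5).
# Not syslogd source; selector matching is reduced to the facility name.

# Constructed from the two files shown in the comment above.
F2B = ("fail2ban,fail2ban.actions,fail2ban.database,"
       "fail2ban.filter,fail2ban.jail,fail2ban.utils")
CONFIGS = {
    "30-daemon.conf": "!-" + F2B + "\ndaemon.* /var/log/daemon.log\n",
    "40-fail2ban.conf": "!" + F2B + "\n*.* /var/log/fail2ban.log\n",
}


def parse(text):
    """Yield (exclude, programs, facility, path) for each action line."""
    # Assumption: every file starts with no program filter in effect.
    exclude, programs = False, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#!"):        # compatibility spelling of !prog
            line = line[1:]
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            spec = line[1:].strip()
            exclude = spec.startswith("-")
            spec = spec.lstrip("+-")
            programs = None if spec == "*" else set(spec.split(","))
            continue
        selector, path = line.split(None, 1)
        yield exclude, programs, selector.split(".")[0], path.strip()


def destinations(program, facility):
    """Files the documented rules select for one message."""
    out = []
    for name in sorted(CONFIGS):
        for exclude, programs, fac, path in parse(CONFIGS[name]):
            if fac not in ("*", facility):
                continue
            listed = programs is not None and program in programs
            if programs is None or listed != exclude:
                out.append(path)
    return out


if __name__ == "__main__":
    for prog in ("fail2ban.jail", "fail2ban_jail", "openvpn"):
        print(prog, "->", destinations(prog, "daemon"))
```

Under the documented rules a dotted tag such as fail2ban.jail is routed only to /var/log/fail2ban.log, so a daemon.log destination for it points at how the running syslogd handles the name rather than at the rule files.
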
(In reply to Helmut Ritter from comment #0)
Try to use the patch from bug #239385. You can also send logs from fail2ban in RFC5424 format (it allows any of the PRINTUSASCII symbols).