1.2. Syslog

If you are using a custom jail is it strongly recommended that you also use one of the local0..7 facilities.

1.2.1. Using a local0..7 Facility

The BNS sends the list of IPs to block as a single batch, and each IP address results in one line written to syslog. With some plans sending as many as 1000 IPs the default log (/var/log/auth.log) can be swamped with BNS entries, making it difficult to use for its usual purposes.

To prevent this you should configure the Blocklist to use one of the local facilities, for example, local3.

1.2.1.1. Configuring `syslogd`

It is assumed that you have configured the syslogd variant you use to write local3 to /var/log/wpf2b-block.log.

1.2.2. Configuring WP fail2ban

Add the following to your wp-config.php file:

/**
 * The blocklist messages use the "block" class
 */
define('WP_FAIL2BAN_PLUGIN_LOG_BLOCK', true);

/**
 * Use the custom facility we configured earlier for the block messages.
 *
 * Be sure to change this to match the syslog facility you're using.
 */
define('WP_FAIL2BAN_PLUGIN_BLOCK_LOG', LOG_LOCAL3);

Update your Blocklist jail to use the new log file:

[wpf2b-blocklist-hard]
enabled = true
filter = wpf2b-blocklist-hard
logpath = /var/log/wpf2b-block.log
maxretry = 1
bantime = 86400

Reload or restart fail2ban and check everything is working after the next BNS update.

1.2. Syslog

1.2.1. Using a local0..7 Facility

1.2.1.1. Configuring syslogd

1.2.2. Configuring WP fail2ban

1.2.1.1. Configuring `syslogd`