what the meaning of "logpath = %(nginx_error_log)s" in fail2ban jail log path?

Question

I am running fail2ban on Ubuntu 20.04 server, and am looking over some of the default jails. In [nginx-http-auth] the default log path shows as logpath = %(nginx_error_log)s. What exactly does %(nginx_error_log)s mean in fail2ban, and how does it articulate a log path for nginx logs in fail2ban? The same question goes for the default [sshd] jail log path and backend which has:

logpath = %(sshd_log)s
backend = %(sshd_backend)s

in it.

Lastly, assuming my nginx.conf file show has the default lines:

# Nginx default log paths
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

should I keep the line

logpath = %(nginx_error_log)s

in my jail, or should I change it to

logpath=/var/log/nginx/error.log

?

score 0 · Answer 1 · answered Feb 23 '23 at 18:15

%(nginx_error_log)s uses a variable that is defined inside your fail2ban configuration (it should be in paths-common.conf). So you should check if your distribution or config management inserts the correct path there, and if not then overwrite it with the correct value.

what the meaning of "logpath = %(nginx_error_log)s" in fail2ban jail log path?

1 Answers1