Well, I took the plunge and got one of these beauties and set-up the wonderful custom firmware...
Anyway... today I was checking the logs and I seem to be getting a brute force attempt on the vsftp server from austria (or at least that's where the zombie computer is). I've been trying to get fail2ban up and running. I've gotten python2.5 running and the fail2ban software installed and it will launch.
Here's the problem. fail2ban monitors the log files. It wants paths to the log files. In the vsftpd.conf file it seems to be set to log all events (including the all important login failed ones) in the syslog. Now, editing the vsftpd.conf doesn't seem to work for me (is it in a protected space?) and I can't seem to find syslog.log in any of the expected locations.
I'm not too keen on killing vsftpd and re-launching with my own .conf file in a different location that is set to generate a .log file. I'd rather just have fail2ban peruse the syslog instead. So, my question now is, where is the bloody syslog.log? The web GUI seems to be able to read it so I'm assuming that the file exists somewhere (syslogd is also running in the process list).
Any help would be appreciated.
Reply With Quote
