How to configure fail2ban with systemd journal? I've install `fail2ban` on Debian Jessie LXC container, currently it's failing due to: Starting authentication failure monitor: fail2ban ERROR No file(s) found for glob /var/log/auth.log ERROR Failed during configuration: Have not found any log file for ssh jail There's no `syslog` or `rsyslog` on the system and thus `/var/log/auth.log` is not generated. Is there a way how to tell `fail2ban` to use output of `journalctl _COMM=sshd`?

**For systemd systems:**

You have to specify the backend in `/etc/fail2ban/jail.conf` to use `systemd` as follows:


backend = systemd


Then restart fail2ban:


systemctl restart fail2ban


* * *

**Edit:**

I'm a heavy CentOS/RHEL/Fedora guy so you may have to adapt what I say a bit. As far as this answer, you may have to update the fail2ban package to a version that supports systemd as a backend or you'll have to install `rsyslog` and add the following to your `/etc/rsyslog.conf`:


authpriv.* /var/log/auth.log


This will make sure sshd auth logs are logging to `/var/log/auth.log` which will be read by the default `pyinotify` backend in fail2ban: