[BUG] monitoring systemd logs not working

[machetto]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

If a jail's backend (sshd in my case) set to systemd, the following message appears:

ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'.

The problems appears to be caused by not having systemd Python module in the Docker image.

Expected Behavior

It should start monitoring sshd systemd logs.

Steps To Reproduce

Create a file fail.d/sshd.local with the following content:

[sshd]
enabled = true
backend = systemd

Restart fail2ban

Environment

- OS: Debian 12
- How docker service was installed: using `apt-get` with instructions from docker website

CPU architecture

x86-64

Docker creation

services:
  fail2ban:
    image: lscr.io/linuxserver/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - VERBOSITY=-vv #optional
    volumes:
      - ./config:/config
      - /var/log:/var/log:ro
    restart: unless-stopped

Container logs

2024-07-11 10:58:38,188 7089F9C7BB08 INFO  Starting Fail2ban v1.0.2
 2024-07-11 10:58:38,188 7089F8202B38 INFO  Observer start...
 2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
 2024-07-11 10:58:38,192 7089F9C7BB08 INFO  Creating new jail 'sshd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Backend 'systemd' failed to initialize due to No module named 'systemd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Failed to initialize any backend for Jail 'sshd'
 2024-07-11 10:58:38,193 7089F9C7BB08 ERROR Command ['server-stream', [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO>
 2024-07-11 10:58:38,193 7089F8C02B38 ERROR NOK: ("Failed to initialize any backend for Jail 'sshd'",)
 2024-07-11 10:58:38,194 7089F8C02B38 INFO  Shutdown in progress...
 2024-07-11 10:58:38,194 7089F8C02B38 INFO  Observer stop ... try to end queue 5 seconds
 2024-07-11 10:58:38,214 7089F8202B38 INFO  Observer stopped, 0 events remaining.
 2024-07-11 10:58:38,254 7089F8C02B38 INFO  Stopping all jails
 2024-07-11 10:58:38,254 7089F8C02B38 INFO  Connection to database closed.

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[b2un0]

can confirm, same problem for me.
everything logs to systemd and so no jails working

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[SuperMartas]

Same problem for me on Raspberry Pi OS (bookworm). Related issue and possible solution:

• [BR]: fail2ban does not start on some debian/ubuntu systems - backend should probably be set to systemd on all systemd-based distros fail2ban/fail2ban#3292
• [BR]: fail2ban does not start on some debian/ubuntu systems - backend should probably be set to systemd on all systemd-based distros fail2ban/fail2ban#3292 (comment)