Im forcing your plugin to all my clients with wordpress installed. After yesterday it suddenly stopped writting to auth.log so fail2ban does not work any more.
Im currently in the process of stopping fail2ban as im moving to CSF, but im keeping the plugin running for the entries in the auth.log. I have multiple servers, but it seems that its only on that one server?
Let’s nail down a few basic details and I’ll have a better idea of where to start, so first things first - which OS? Web server? Version of PHP?
Obviously something has changed (being *nix of some sort it won’t just break itself, unless you’re unlucky enough to have been systemd'd) - any ideas what? Did it just update to WP 5.4.1?
Its an Ubuntu 18.04, Apache2 running php 7.4.5. but to be clear, those were already running before it suddenly stopped.
Its about 3 days ago that it suddenly stopped. the websites are all upgraded to WP 5.4.1 but so does it on my other servers and there it works beautifully. I did however changed the websites to ondemand instead of dynamic, but i dont see how that would affect the process.
OK, the first step is to work out if it’s a PHP+syslog or a PHP+Apache+syslog problem. If you run this from the command line:
php -r 'syslog(LOG_WARNING, "Hello, world!");'
the message should show up somewhere (on FreeBSD it ends up in /var/log/messages). If that works then it’s something Apache-related.
I’m assuming you’re not running syslog-ng or similar so my money is on systemd being the root cause of the problem, it’s “just” a question of working out what it’s unhappy about today.
Sounds like systemd-journald is eating the entries.
If you run journalctl -f in theory you should see everything it’s logging, including (hopefully!) your test messages. That’d be the next thing to check.
Im on to something here. Its 99% CSF’s fault. I set restrict_syslog to 3 wich means only users in a certain conf file are allowed to log. Documentation said to revert the settings set it to 0 or 2. This did not revert settings but kept honoring the conf file. I’ve also added a support question in the CSF forum.
BTW you should broden your horizon to include CSF with your plugin. there are already people using your plugin with CSF.
I’m glad you got it working again, but that sounds more like a workaround than a true fix. Still, it’s a place to start for the next person - thanks for reporting what worked!