Syslog Errors with WP-Fail2Ban v4.3.0.9

WP fail2ban Support
1

The plugin does not create proper entries in any system log and causes massive errors in syslog:
NOTE: At 15:40 the offending wp-fail2ban Plugin was deactivated and the errors stopped.

Jul 16 15:22:47 systemd[1]: Stopping The Apache HTTP Server…
Jul 16 15:22:47 systemd[1]: apache2.service: Succeeded.
Jul 16 15:22:47 systemd[1]: Stopped The Apache HTTP Server.
Jul 16 15:22:47 systemd[1]: Starting The Apache HTTP Server…
Jul 16 15:22:47 systemd[1]: Started The Apache HTTP Server.
Jul 16 15:22:47 systemd[1]: Reloading.
Jul 16 15:22:49 systemd[1]: Reloading.
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try https:.rsyslog.com/e/2007 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:25:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), next retry is Fri Jul 16 15:26:01 2021, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try Redacted due to posting restrictions on invis.net site]
Jul 16 15:29:27 PackageKit: daemon quit
Jul 16 15:29:27 systemd[1]: packagekit.service: Succeeded.
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ resumed (module ‘builtin:omfile’) [v8.2001.0 try https:**.rsyslog.com/e/2359 ]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try ** Redacted due to posting restrictions on this site]
Jul 16 15:35:31 rsyslogd: action ‘action-8-builtin:omfile’ suspended (module ‘builtin:omfile’), next retry is Fri Jul 16 15:36:00 2021, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try Redacted due to posting restrictions on invis.net site]
Jul 16 15:39:01 systemd[1]: Starting Clean php session files…
Jul 16 15:39:01 CRON[89929]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 15:39:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 15:39:02 systemd[1]: Finished Clean php session files.
Jul 16 16:09:01 CRON[90342]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 16:09:01 systemd[1]: Starting Clean php session files…
Jul 16 16:09:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 16:09:02 systemd[1]: Finished Clean php session files.
Jul 16 16:17:01 CRON[90523]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 16 16:39:01 CRON[90808]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 16:39:01 systemd[1]: Starting Clean php session files…
Jul 16 16:39:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 16:39:02 systemd[1]: Finished Clean php session files.
Jul 16 16:43:50 systemd[1]: fwupd.service: Succeeded.
Jul 16 16:45:12 snapd[676]: autorefresh.go:513: auto-refresh: all snaps are up-to-date
Jul 16 17:09:01 CRON[91238]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 17:09:33 systemd[1]: Starting Clean php session files…
Jul 16 17:09:34 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 17:09:34 systemd[1]: Finished Clean php session files.
Jul 16 17:17:01 CRON[91417]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 16 17:19:10 systemd[1]: Starting Cleanup of Temporary Directories…
Jul 16 17:19:10 systemd[1]: systemd-tmpfiles-clean.service: Succeeded.
Jul 16 17:19:10 systemd[1]: Finished Cleanup of Temporary Directories.
Jul 16 17:39:01 CRON[91666]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 17:39:01 systemd[1]: Starting Clean php session files…
Jul 16 17:39:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 17:39:02 systemd[1]: Finished Clean php session files.
Jul 16 18:09:01 CRON[92084]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 18:09:01 systemd[1]: Starting Clean php session files…
Jul 16 18:09:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 18:09:02 systemd[1]: Finished Clean php session files.
Jul 16 18:17:01 CRON[92274]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 16 18:39:01 CRON[92509]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 18:39:01 systemd[1]: Starting Clean php session files…
Jul 16 18:39:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 18:39:02 systemd[1]: Finished Clean php session files.
Jul 16 18:40:33 canonical-livepatch[674]: Client.Check
Jul 16 18:45:12 snapd[676]: autorefresh.go:513: auto-refresh: all snaps are up-to-date
Jul 16 19:09:01 systemd[1]: Starting Clean php session files…
Jul 16 19:09:01 CRON[92934]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 19:09:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 19:09:02 systemd[1]: Finished Clean php session files.
Jul 16 19:17:01 CRON[93116]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Jul 16 19:39:01 systemd[1]: Starting Clean php session files…
Jul 16 19:39:01 CRON[93352]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
Jul 16 19:39:02 systemd[1]: phpsessionclean.service: Succeeded.
Jul 16 19:39:02 systemd[1]: Finished Clean php session files.
Jul 16 19:40:11 systemd[1]: Starting Ubuntu Advantage APT and MOTD Messages…
Jul 16 19:40:12 systemd[1]: ua-messaging.service: Succeeded.
Jul 16 19:40:12 systemd[1]: Finished Ubuntu Advantage APT and MOTD Messages.
Jul 16 19:54:09 canonical-livepatch[674]: Client.Check
Jul 16 20:01:33 systemd[1]: Starting Message of the Day…
Jul 16 20:01:36 50-motd-news[93772]: * Super-optimized for small spaces - read how we shrank the memory
Jul 16 20:01:36 50-motd-news[93772]: footprint of MicroK8s to make it the smallest full K8s around.
Jul 16 20:01:36 50-motd-news[93772]: // Redacted due to posting restrictions on this site]
Jul 16 20:01:36 systemd[1]: motd-news.service: Succeeded.
Jul 16 20:01:36 systemd[1]: Finished Message of the Day.

end of log excerpt

Server config:
WP version is 5.7.2
Fail2Ban v 0.11.1
Running on Ubuntu 20.04.2 LTS
PhP v7.4

What is wrong, and how do I fix it?

2

I don’t think this has anything directly to do with WP fail2ban; a little searching[1][2] suggests that the error messages might be caused by rsyslog being unable to write to a particular log file.

What have you got defined for WPf2b in wp-config.php?

  1. https://askubuntu.com ↩︎

  2. https://linuxquestions.org ↩︎

  1. ↩︎
  2. ↩︎