From b55c20594e341c1e6dee5a772482c11824cc9d45 Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Thu, 30 Jan 2025 14:00:43 +0100
Subject: [PATCH] `paths-common.conf`: changed default `mysql_log` path
 (default `logpath` of `mysqld-auth` jail without maintainer overrides);
 adjusted comments (`log_error_verbosity = 3` instead of `log-warnings = 2`)
 closes gh-3932

---
 ChangeLog                        |  2 ++
 config/filter.d/mysqld-auth.conf |  7 ++++---
 config/jail.conf                 | 14 ++++----------
 config/paths-common.conf         |  7 ++++++-
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3a90d48c..a462cb75 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
   - adapted to conform possible new daemon name sshd-session, since OpenSSH 9.8 
     several log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd" (gh-3782)
   - `ddos` and `aggressive` modes: regex extended for timeout before authentication (optional connection from part, gh-3907)
+* `paths-common.conf`:
+  - changed default `mysql_log` path (default `logpath` of `mysqld-auth` jail without maintainer overrides, gh-3932)
 
 ### New Features and Enhancements
 * new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continue to start with warnings/errors,
diff --git a/config/filter.d/mysqld-auth.conf b/config/filter.d/mysqld-auth.conf
index 4afd4ada..ef439422 100644
--- a/config/filter.d/mysqld-auth.conf
+++ b/config/filter.d/mysqld-auth.conf
@@ -1,9 +1,10 @@
 # Fail2Ban filter for unsuccessful MySQL authentication attempts
 #
 #
-# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
-# log-error=/var/log/mysqld.log
-# log-warnings = 2
+# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld],
+# `log_error_verbosity` system variable set to 3 (`log-warnings = 2` for older versions),
+# and check whether `log_error` (or `log-error`) system variable would match the `logpath` of fail2ban
+# (see https://dev.mysql.com/doc/refman/en/communication-errors.html)
 #
 # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
 
diff --git a/config/jail.conf b/config/jail.conf
index bce6df63..5498f470 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -785,17 +785,11 @@ logpath  = /var/lib/znc/moddata/adminlog/znc.log
 
 # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
 # equivalent section:
-# log-warnings = 2
-#
-# for syslog (daemon facility)
-# [mysqld_safe]
-# syslog
-#
-# for own logfile
-# [mysqld]
-# log-error=/var/log/mysqld.log
+#   log_error_verbosity = 3
+# for older versions:
+#   log-warnings = 2
+# Also check whether `log_error` (or `log-error`) system variable match the `logpath`.
 [mysqld-auth]
-
 port     = 3306
 logpath  = %(mysql_log)s
 backend  = %(mysql_backend)s
diff --git a/config/paths-common.conf b/config/paths-common.conf
index ad9f6f28..1a5db4c2 100644
--- a/config/paths-common.conf
+++ b/config/paths-common.conf
@@ -87,7 +87,12 @@ dovecot_backend = %(default_backend)s
 # Seems to be set at compile time only to LOG_LOCAL0 (src/const.h) at Notice level
 solidpop3d_log = %(syslog_local0)s
 
-mysql_log = %(syslog_daemon)s
+mysql_log = /var/log/mariadb/mariadb.log
+            /var/log/mariadb/error.log
+            /var/log/mysql/mysqld.log
+            /var/log/mysql/error.log
+            /var/log/mysqld.log
+            
 mysql_backend = %(default_backend)s
 
 roundcube_errors_log = /var/log/roundcube/errors