Logging

Fail2ban:
/var/log/fail2ban.log

2014-10-30 21:30:26,470 fail2ban.actions: WARNING [ssh] Ban 114.215.***.***
2014-10-30 21:31:03,353 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:31:50,404 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:32:29,445 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:33:03,480 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:33:41,521 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:33:59,540 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:34:19,562 fail2ban.actions: INFO   [ssh] 114.215.***.*** already banned
2014-10-30 21:40:26,952 fail2ban.actions: WARNING [ssh] Unban 114.215.***.***

Apache2
/var/log/apache2/error.log

[Sat Nov 01 22:31:21.463199 2014] [auth_basic:error] [pid 2078] [client xxx.xxx.xxx.xxx:xxxx] AH01617: user john: authentication failure for "/": Password Mismatch

/var/log/apache2/access.log

xxx.xxx.xxx.xxx - john [01/Nov/2014:22:31:34 +0000] "GET / HTTP/1.1" 200 3594 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.1.17 (KHTML, like Gecko) Version/7.1 Safari/537.85.10"

Here we can see there is an username on the system called “john”, they have tried to access the system at “Sat Nov 01 22:31:21.463199 2014“, however they got their password incorrect, subsequently they have entered the password correctly, they got the password correct a few seconds later on at “01/Nov/2014:22:31:34 +0000“.