Fail2Ban "Please check jail has possibly a timezone issue"


When setting up my Nextcloud, or more precisely when setting up Fail2Ban, an error got in my way that I unfortunately can’t solve. I have the following setup - My Nextcloud runs behind a Nginx Proxy Manager, both the Nextcloud and the NPM run on a separate Ubuntu container on a server. To transfer the login logs of the Nextcloud to the container of the proxy manager I use rsyslog. This works quite well so far. However, when I apply the Fail2Ban filter and jail, no IP addresses are banned. In the Fail2Ban logs the following error appears again and again.

WARNING [sshd] Simulate NOW in operation since found time has too large deviation None ~ 1683536761.5844784 +/- 60
2023-05-08 11:06:01,584 fail2ban.filter       
[3891710]: WARNING [sshd] Please check jail has possibly a timezone issue. Line with odd timestamp:  pam_unix(cron:session): session opened for user root(uid=0)

This is the Fail2Ban filter file

_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

And finally, here is the Fail2Ban jail file

backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 2
bantime = 3600
findtime = 3600
logpath = /var/log/syslog-cloudserver.log
1 Like

I don’t have the answer. But I do have the same warning messages!

EDIT: see: Some timezone warnings since version 0.11.2 · Issue #2882 · fail2ban/fail2ban · GitHub