Sometimes Fail2Ban neglects to include log snippets in the report email that it sends when it bans an IP. The reason is that there is a slight oversight in the .conf files within the action.d folder, which determine how Fail2Ban takes action upon certain events.

Line 29 of my sendmail-whois-lines.conf reads `grep '[^0-9]<ip>[^0-9]' <logpath>`. This means that it will search the relevant log file for lines that contain the IP with a non-digit character immediately before and after it. As such, Fail2Ban will not send you logs for the IP 192.168.1.101 for an offense committed by 2.168.1.10.

This works fine, normally, but runs into a problem when the IP is at the end of a line. `[^0-9]` has to match an actual character other than a digit, and grep matches one line at a time with the line terminator excluded, so when the IP is the last thing on the line there is nothing after it to match. The match fails, and Fail2Ban sends no logs.

The solution is to replace the above-cited statement with `grep -E '[^0-9]<ip>([^0-9]|$)' <logpath>`. The `-E` switch enables the alternation, and `$` lets the IP be followed by either a non-digit or the end of the line, and thus, the problem is solved.
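The difference between the two patterns can be checked on a small log before editing the action file. This is an added example, not part of the original post or of Fail2Ban: the log lines are constructed, the function names are hypothetical, and the IP is passed as an argument where Fail2Ban would substitute its `<ip>` tag.

```shell
#!/bin/sh
# Constructed sample log (not real data): the offending IP 2.168.1.10
# appears once mid-line and once at the very end of a line, next to the
# look-alike address 192.168.1.101.
make_log() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
Jan 10 03:12:01 host sshd[411]: Failed password for root from 2.168.1.10 port 4022
Jan 10 03:12:05 host sshd[411]: Failed password for root from 192.168.1.101 port 5100
Jan 10 03:12:09 host sshd[412]: Connection closed by 2.168.1.10
Jan 10 03:12:11 host sshd[413]: Connection closed by 192.168.1.101
EOF
    printf '%s\n' "$log"
}

# Original pattern: a non-digit character is required on BOTH sides of the IP.
# $1 = IP (stands in for Fail2Ban's <ip> tag), $2 = log file
count_original() {
    grep -c "[^0-9]$1[^0-9]" "$2"
}

# Fixed pattern from the post: after the IP, accept a non-digit OR end of line.
count_fixed() {
    grep -c -E "[^0-9]$1([^0-9]|\$)" "$2"
}

# Demo: the original pattern misses the line that ends with the IP.
log=$(make_log)
echo "original pattern: $(count_original 2.168.1.10 "$log") matching line(s)"
echo "fixed pattern:    $(count_fixed 2.168.1.10 "$log") matching line(s)"
rm -f "$log"
```

Neither pattern matches the 192.168.1.101 lines, so the fix does not reintroduce the look-alike problem.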