Logs for fail2ban

Note: Your question may already be answered in the Bitwarden Help Center.

I have a new install of bitwarden and I am trying to get the logs written to /var/logs/bitwarden.log for fail2ban to access. I have modified the global.override.env with

LOG_FILE=/var/log/bitwarden.log
LOG_LEVEL=warn
EXTENDED_LOGGING=true

I have also made the bitwarden user owner and given and verified write permissions of that user to bitwarden.log. However when I restart bitwarden and intentionally create a login failure in the webui, no logs appear in that file.

I have also tried putting the bitwarden.log file within the /opt/bitwarden/bwdata/logs/ (this is the logDirectory globalSetting) with no change.

Am I doing something wrong or is there another strategy I should be taking to accomplish this? I do see a syslog__destination in the globalSettings. Should this be used?

I did some more digging and found:

Based on that, I looked in that folder and found failure logs from yesterday and the day before (from before the changes I made in the above post). I commented out the three lines that I added to the global.override.env and restarted bitwarden. I then attempted a failed login but a new text file with today’s date was not created and an event was not logged.

I still cannot find these logs. I hate to bump, but I am really hoping someone has some thoughts.

I looked at the nginx logs and it seems like that produces a 400 and records the IP on failed attempts so maybe I can just use that. I’ve never setup fail2ban before though so I’m wondering if there was a reason others didn’t do that in the article I linked to above. I can’t help but think there’s a reason for all that.