Solution rsyslogd: action ‘action-6-builtin:omfile’ resumed (module ‘builtin:omfile’)

One day, on the same server running Ubuntu 20.04, I noticed a lot of messages in /var/log/syslog:

CRON[1835247]: (root) CMD (/bin/bash /usr/local/bin/fail2ban_banned_db unban_db)
rsyslogd: action 'action-6-builtin:omfile' resumed (module 'builtin:omfile') [v8.2001.0 try https://www.rsyslog.com/e/2359 ]
rsyslogd: action 'action-6-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2001.0 try https://www.rsyslog.com/e/2007 ]

Sometimes these messages were preceded by a line about the fail2ban script being run, and sometimes they were not; instead there were, for example, unsuccessful attempts to connect to postfix, which most likely also triggered fail2ban. Looking at the file permissions:

ls -lt /var/log

I saw that the /var/log/fail2ban.log file had an owner of root and a group of adm, and it and its archived versions were empty.

Looking at the /etc/rsyslog.conf configuration, I saw:

$FileOwner syslog
$FileGroup adm

So I changed the owner to syslog:

chown syslog /var/log/fail2ban.log

After I changed its owner to syslog, the above messages stopped appearing, and entries about IP address blocking were successfully added to the /var/log/fail2ban.log file.

Also in the file /etc/logrotate.d/fail2ban I changed the line:

create 640 root adm

To:

create 640 syslog adm

So that after rotating the logs, a new file is created with the owner syslog.
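
A check for the two mismatches fixed above, as an added example that is not part of the original post: it reads $FileOwner from an rsyslog configuration and reports log files, and logrotate create lines, whose owner differs. It assumes the files passed in are ones rsyslog itself writes; the function names are illustrative.

```shell
#!/bin/sh
# Added example (function names are hypothetical): compare log file owners and
# logrotate "create" owners with the $FileOwner rsyslog is configured to use.

# Print the last $FileOwner value set in an rsyslog config file.
rsyslog_file_owner() {
    awk '$1 == "$FileOwner" { owner = $2 } END { if (owner != "") print owner }' "$1"
}

# Print every given file whose owner differs from $FileOwner.
# Usage: mismatched_logs RSYSLOG_CONF FILE...
mismatched_logs() {
    want=$(rsyslog_file_owner "$1"); shift
    [ -n "$want" ] || return 0          # no $FileOwner set: nothing to compare
    for f in "$@"; do
        [ -e "$f" ] || continue
        have=$(ls -ld "$f" | awk '{ print $3 }')
        [ "$have" = "$want" ] || printf '%s owner=%s expected=%s\n' "$f" "$have" "$want"
    done
}

# Print logrotate "create [MODE] OWNER GROUP" lines whose OWNER differs,
# so a rotated file is not recreated with an owner rsyslog cannot write as.
# Usage: mismatched_create RSYSLOG_CONF LOGROTATE_FILE
mismatched_create() {
    want=$(rsyslog_file_owner "$1")
    [ -n "$want" ] || return 0
    awk -v want="$want" '$1 == "create" {
        owner = ($2 ~ /^[0-7]+$/) ? $3 : $2   # the mode field is optional
        if (owner != "" && owner != want) print FILENAME ": " $0
    }' "$2"
}

# With the paths from the post:
#   mismatched_logs /etc/rsyslog.conf /var/log/fail2ban.log
#   mismatched_create /etc/rsyslog.conf /etc/logrotate.d/fail2ban
```

No output from either function means the owners already match $FileOwner.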
