Vsftpd: log failed login attempts

ubuntu fail2ban ftp vsftpd ubuntu-10.04

It looks like vsftpd first checks username in userlist_file and do PAM only if user is allowed (with above configuration). I would suggest to disable userlist_* options and implement deny list in PAM configuration.

# put this line into /etc/pam.d/vsftpd as first "auth" check
auth    required    pam_listfile.so item=user sense=allow file=/etc/vsftpd.allowed_users onerr=fail

Then you should see denied log attempts in auth.log.

More info - pam_listfile.so

Related

“Terrified, John locked the door” — Is the comma necessary?
Single word for "people with premonition" [closed]
wish sentences... wish+would vs wish+could negative sentences
Word or phrase that describes a group of acronymic initials that can be any order
Is "give me a five" the same as "give me five" or incorrect?
Is there a term for a word that's recursive in its meaning? (see example for clarification)
What does “We should feel a ‘proxy regret’ for someone / something” mean?
Can a declarative, independent clause be considered an introductory element?
What is the saying or idiom or word that means when "friends" don’t need you anymore it seems like they don’t know you anymore
Notice vs. pay attention
however small it might seem [closed]
doesn't has to /have to [duplicate]