Re: fail2ban vs. logrotate

From: "Mikkel L. Ellertson" <mellertson@xxxxxxxxx>
Date: Mon, 24 Oct 2011 18:53:32 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/24/2011 12:14 PM, Mike Wohlgemuth wrote:

I've installed fail2ban on Fedora 15 to block repeated failed ssh
connections. It works great up until logrotate kicks in. When it
rotates /var/log/secure then fail2ban stops noticing failed ssh
attempts. Using fail2ban-client to reload the jail fixes the problem,
but it also causes fail2ban to forget all currently banned IP
addresses. I've found scripts online that will allow for extracting the
current bans before reloading, and then applying them again after, but
that seems pretty extreme. I can't help but think I must be missing
something simple that will get fail2ban to notice that the logs have
been rotated. Has anyone else seeing this issue? I see some reports in
bugzilla about fail2ban, but nothing that is definitely this problem.

Thanks
Mike

It sounds like fail2ban still has the old log file open. You need to
have logrotate tell fail2ban that the log file has changed.

Logrotate already does this will other services when it rotates
their log file. I am surprised the .rpm did not include the files
for logrotate to automatically sent the proper signal to fail2ban.

Mikkel
- --

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6l+nwACgkQqbQrVW3JyMQXbwCfWwWQXNCmsHlIriPqHy1FALI9
asQAn1qsjxbOzlxOT3yn81XHj5bR5aLn
=vGsK
-----END PGP SIGNATURE-----
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Follow-Ups:
- Re: fail2ban vs. logrotate
  - From: Andre Speelmans

References:
- fail2ban vs. logrotate
  - From: Mike Wohlgemuth

Prev by Date: Re: remeber non broadcasted SSID
Next by Date: Re: fail2ban vs. logrotate
Previous by thread: Re: fail2ban vs. logrotate
Next by thread: Re: fail2ban vs. logrotate
Index(es):
- Date
- Thread

Relevant Pages

Re: fail2ban vs. logrotate
... have logrotate tell fail2ban that the log file has changed. ... Change the config file for logrotate so that it does not create a new ... for logrotate to automatically sent the proper signal to fail2ban. ... and as such does not have a specific rpm. ...
(Fedora)
Re: fail2ban vs. logrotate
... have logrotate tell fail2ban that the log file has changed. ... Change the config file for logrotate so that it does not create a new ... for logrotate to automatically sent the proper signal to fail2ban. ... and as such does not have a specific rpm. ...
(Fedora)
Re: Logrotate is a pain
... > I can't find any helpfull information/documentation about logrotate. ... > I'm using logrotate to backup my apache log files and a custom log ... when logrotate rotates the logfile of my java program it ... The next section of the config files defined how to handle the log file ...
(comp.os.linux.misc)
Re: fail2ban vs. logrotate
... syslogd. ... Does fail2ban accept a SIGHUP to close and reopen the log file? ...
(Fedora)
Re: fail2ban vs. logrotate
... Does fail2ban accept a SIGHUP to close and reopen the log file? ... in a vanilla configuration for some time now and have never experienced ... To unsubscribe or change subscription options: ...
(Fedora)