FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 04-27-2012, 12:36 PM
Bob Hoffman
 
Default fail2ban logrotate failure

I got the fail2ban from epel.
There were a number of issues relating to using a log file...
logwatch was looking for both fail2ban and fail2ban.log
logrotate file fail2ban added looked for fail2ban.log and then reset
itself to syslog
fail2ban itself went to syslog, over riding its fail2ban.log.

took a while, but I use /var/log/fail2ban now, that finally worked
through logrotates and logwatch.

Problem with centos variant of fail2ban:

logrotate causes all 'ban' actions to stop happening. I am pretty sure
it stops reading the logs but still functions.
Unban actions still keep showing up in the log, but the 'ban' actions
just stop. Program is running, but no longer working.

Long searches online show a million others with the same issue. Only way
to prevent it seems to be to add a reload or restart in the syslog file.
This is undesired due to losing all banned ips listed.

It happens as part of the logrotate. The logrotate file I have changed a
few times and recently tried this
postrotate
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban
1>/dev/null || true
endscript

setting the logtarget, which the original called for changing it to
syslog and 2>dev/null || true


so what would you do? I imagine when logrotate happens and syslog
restarts something is causing fail2ban to stop working properly, but
still timing 'unbans'.

This is apparently a bug/problem for almost everyone of all distros.
Other than just uninstalling, the only way to make it work would be a
restart around 4 every morning, making any long term bans useless.

My last thought is to just throw the /var/log/fail2ban to be rotated by
syslog like maillog and the others..and not doing anything special.
Maybe it would just work.

I write here because I know there are hundreds of you and someone must
have figured out how to make fail2ban work for more than 24 hours
without a restart....
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-27-2012, 12:41 PM
Maxim Shpakov
 
Default fail2ban logrotate failure

https://github.com/fail2ban/fail2ban/issues/44

2012/4/27 Bob Hoffman <bob@bobhoffman.com>:
> I got the fail2ban from epel.
> There were a number of issues relating to using a log file...
> logwatch was looking for both fail2ban and fail2ban.log
> logrotate file fail2ban added looked for fail2ban.log and then reset
> itself to syslog
> fail2ban itself went to syslog, over riding its fail2ban.log.
>
> took a while, but I use /var/log/fail2ban now, that finally worked
> through logrotates and logwatch.
>
> Problem with centos variant of fail2ban:
>
> logrotate causes all 'ban' actions to stop happening. I am pretty sure
> it stops reading the logs but still functions.
> Unban actions still keep showing up in the log, but the 'ban' actions
> just stop. Program is running, but no longer working.
>
> Long searches online show a million others with the same issue. Only way
> to prevent it seems to be to add a reload or restart in the syslog file.
> This is undesired due to losing all banned ips listed.
>
> It happens as part of the logrotate. The logrotate file I have changed a
> few times and recently tried this
> * * postrotate
> * * * /usr/bin/fail2ban-client set logtarget /var/log/fail2ban
> 1>/dev/null || true
> * * endscript
>
> setting the logtarget, which the original called for changing it to
> syslog and 2>dev/null || true
>
>
> so what would you do? I imagine when logrotate happens and syslog
> restarts something is causing fail2ban to stop working properly, but
> still timing 'unbans'.
>
> This is apparently a bug/problem for almost everyone of all distros.
> Other than just uninstalling, the only way to make it work would be a
> restart around 4 every morning, making any long term bans useless.
>
> My last thought is to just throw the /var/log/fail2ban to be rotated by
> syslog like maillog and the others..and not doing anything special.
> Maybe it would just work.
>
> I write here because I know there are hundreds of you and someone must
> have figured out how to make fail2ban work for more than 24 hours
> without a restart....
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-27-2012, 01:08 PM
Bob Hoffman
 
Default fail2ban logrotate failure

On 4/27/2012 8:41 AM, Maxim Shpakov wrote:
> https://github.com/fail2ban/fail2ban/issues/44
>
>
I played with the gamin, but will give it one more try with just adding
the log file to the logrotate.d/syslog file instead of its own...and
then wait til tomorrow for the full logrotate (since I cannot force a
real logrotate even with 'force'..lol)

the other issue was the failures at restart......got the restart
failures to stop in the code, but the stop ones still pop up, but seem
to not be an issue.

thanks for pointing at this, will try it and see.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:31 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org