On 06/17/2012 10:16 AM, Leonard den Ottolander wrote:
Hello Bob,
On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
1- you must use gamin as the setting or the log rotations will make fail2ban fail
I noticed the failing of fail2ban after rotating the logs too. Supposedly it works fine on CentOS 5 (from an IRC chat on #fedora-epel(?)), but on CentOS 6 fail2ban will stop banning after log rotation even though it should handle log rotation transparently.
However, you can fix your logrotate configuration to restart fail2ban after rotating the logs. Sadly that will remove current bans, but at least new bans will be added:
(mind the line wraps)
$ cat /etc/logrotate.d/syslog /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler { sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true # reload fail2ban after log rotation /usr/bin/fail2ban-client -x reload> /dev/null endscript }
Regards, Leonard.
I have been following this thread and I am interested to know what kinda of notice your getting to know fail2ban has crashed on a logrotate. I just did a force rotate and the only thing fail2ban did was restart.
I am using Centos 6.2 + postfix + fail2ban-0.8.2-3.el6.rf
TIA