Hello Bob,
On Sat, 2012-06-16 at 22:47 -0400, Bob Hoffman wrote:
> 1- you must use gamin as the setting or the log rotations will make fail2ban fail
I noticed the failing of fail2ban after rotating the logs too. Supposedly it works fine on CentOS 5 (from an IRC chat on #fedora-epel(?)), but on CentOS 6 fail2ban will stop banning after log rotation even though it should handle log rotation transparently.
However, you can fix your logrotate configuration to restart fail2ban after rotating the logs. Sadly that will remove current bans, but at least new bans will be added:
(mind the line wraps)
$ cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        # reload fail2ban after log rotation
        /usr/bin/fail2ban-client -x reload > /dev/null
    endscript
}
Regards, Leonard.
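
The failure mode discussed in this message, as an added example that is not part of the original e-mail and is not fail2ban's code: a follower that keeps its old file handle sees nothing after a rename-style rotation, while one that compares inodes reopens the new file. The class name, file names and log lines are constructed for illustration, and the example makes no claim about why fail2ban behaves this way on CentOS 6.

```python
import os
import tempfile


class RotationAwareFollower:
    """Follow a log by path; reopen it when rotation replaces the file."""

    def __init__(self, path):
        self.path = path
        self._open()

    def _open(self):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino

    def poll(self):
        # Drain whatever was appended to the handle we already hold.
        lines = self.fh.readlines()
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return lines  # rotated away, replacement not created yet
        # New inode: rename-and-create rotation. Size below our offset:
        # the file was truncated in place. Either way, reopen from the start.
        if st.st_ino != self.inode or st.st_size < self.fh.tell():
            self.fh.close()
            self._open()
            lines += self.fh.readlines()
        return lines


def demo():
    """Constructed scenario: one entry, a rotation, then a second entry."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "secure")
        with open(log, "wb") as f:
            f.write(b"Failed password for root from 192.0.2.10\n")  # constructed
        stale = open(log, "rb")  # follower that never reopens the path
        aware = RotationAwareFollower(log)
        before = (stale.readlines(), aware.poll())
        os.rename(log, log + ".1")  # rename-style rotation
        with open(log, "wb") as f:
            f.write(b"Failed password for root from 192.0.2.11\n")  # constructed
        after = (stale.readlines(), aware.poll())
        stale.close()
        aware.fh.close()
        return before, after
```

`demo()` returns what each follower read before and after the rotation; the stale handle's second read is empty, which is the "stops banning" symptom from a monitoring point of view.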