[CentOS] Odd issue with fail2ban

Mon Aug 13 15:30:17 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Leonard den Ottolander wrote:
> Hello Mark,
>
> On Mon, 2012-08-13 at 10:48 -0400, m.roth at 5-cent.us wrote:
>> Remember reading about that, and on the server I happen to be looking at,
>> it's been set that way since 18 May. Any other ideas?
>
> The first thing I can think of is you forgot to restart the service
> after making the configuration change, but then you mentioned restarting
> the service makes the issue disappear, so that's not it :) .
>
> Perhaps you are seeing machines that only make a single attempt between
> log rotations? Or perhaps your machines get so many connects that you've
> hit a resource limit in fail2ban? Just guessing, I haven't had any
> issues since changing the backend to gamin.

Don't think so. I just dug up one that happened over the weekend: grepping
out the lines from secure, I've got 131 connection/disconnect pairs:
Aug 10 17:44:56 <my server> sshd[12350]: Connection from 114.113.199.142
port 511
871
Aug 10 17:44:57 <my server> sshd[12341]: Received disconnect from
114.113.199.144
2: 11: Bye Bye

Yet in messages, all I see from this server (it happens to be our loghost)
for the entire minute of 17:44 are ordinary DHCP messages.

         mark
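
Added example, not part of the original message: a Python script that counts sshd connection/disconnect pairs per source address, the figure the message above gets by grepping secure. Lines are paired by address rather than by sshd PID, since the two quoted lines carry different PIDs; the sample log, the 60-second window, the `year` default and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of the lines quoted above; host name and
# addresses (RFC 5737 documentation ranges) are made up.
SAMPLE = """\
Aug 10 17:44:56 loghost sshd[12350]: Connection from 192.0.2.10 port 51871
Aug 10 17:44:57 loghost sshd[12341]: Received disconnect from 192.0.2.10: 11: Bye Bye
Aug 10 17:44:58 loghost sshd[12352]: Connection from 192.0.2.10 port 51902
Aug 10 17:44:59 loghost sshd[12343]: Received disconnect from 192.0.2.10: 11: Bye Bye
Aug 10 17:45:03 loghost sshd[12360]: Connection from 198.51.100.7 port 40112
Aug 10 17:45:09 loghost sshd[12360]: Accepted publickey for mark from 198.51.100.7 port 40112 ssh2
Aug 10 17:45:30 loghost dhcpd: DHCPREQUEST for 10.0.0.5 from 00:11:22:33:44:55 via eth0
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
CONNECT = re.compile(PREFIX + r"Connection from (?P<ip>\S+) port \d+")
DISCONNECT = re.compile(PREFIX + r"Received disconnect from (?P<ip>\S+): \d+:")

def connect_disconnect_pairs(text, window=timedelta(seconds=60), year=2012):
    """Return {ip: pairs}. Each disconnect is matched to the oldest unmatched
    connection from the same address that is at most `window` older."""
    pending = defaultdict(list)   # ip -> timestamps of unmatched connections
    pairs = defaultdict(int)
    for line in text.splitlines():
        m = CONNECT.match(line) or DISCONNECT.match(line)
        if not m:
            continue              # other sshd messages, dhcpd, etc.
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m.re is CONNECT:
            pending[ip].append(ts)
            continue
        queue = [t for t in pending[ip] if ts - t <= window]  # drop stale ones
        if queue:
            queue.pop(0)
            pairs[ip] += 1
        pending[ip] = queue
    return dict(pairs)

def noisy_sources(text, threshold, **kw):
    """Addresses with at least `threshold` connection/disconnect pairs."""
    pairs = connect_disconnect_pairs(text, **kw)
    return sorted(ip for ip, n in pairs.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in connect_disconnect_pairs(SAMPLE).items():
        print(f"{ip}: {n} connection/disconnect pairs")
```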