From: Ali G. <ag...@gm...> - 2012-03-31 13:26:20
|
Hello All, I'm running fail2ban version 0.8.4-27 on fedora core 15. Occasionally my fail2ban stops banning. A start-stop of the fail2ban service brings things back to normal. There seems to be a 1-to-1 relationship between the hangs and log rotations. For example every time there is message like "fail2ban.filter : INFO Log rotation detected for /var/log/httpd/error_log" in my /var/messages, banning stops. I have a single active jail that monitors the apache-log and the hangs were not happening before I added that rule. Here is its entry in jail.conf [apache-badpage] enabled = true filter = apache-bad-page action = iptables-multiport[name=badpage, port="http", protocol=tcp] sendmail-whois[name=badpage, dest=root, sender=fail2ban@neptune.localdomain] logpath = /var/log/httpd/error_log maxretry = 5 findtime = 60 bantime = 600 and the filter is: [Definition] # Option: failregex # Notes.: regex to match failures to find a home directory on a server, which # became popular last days. Most often attacker just uses IP instead of # domain name -- so expect to see them in generic error.log if you have # per-domain log files. # Values: TEXT # failregex = [[]client <HOST>[]] File does not exist: # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = Any ideas as to what may be the problem? Thanks -- -Ali http://home.pcisys.net/~aghorash/ |