From: Charles B. <br...@br...> - 2013-09-28 00:39:00
|
Hi Ben Just some thoughts for you: I don't think fail2ban deletes logs so what did? It certainly doesn't create missing ones. Presumably the apache-badbots jail is intended to monitor the access.log files of a number of virtual servers. Does apache actually log to the file in question? example.com doesn't sound like real configuration! I don't have any wild card configurations, but I have seen exactly the same sort of missing log problem, obviously the jail does nothing if it can't stat a log file. The fail2ban-server is a single task and should continue to run because typically it's serving other jails. I think your problem can only happen in the symlink situation, it all depends on how a jail determines if a log file exists or not. It's down to the difference between the stat and lstat system calls, the former follows a symlink so will produce 'file not found', whereas lstat would not. I suppose f2b could ignore missing symlink targets, but would have to do both tests. -oldbrad On Fri, 2013-09-27 at 17:57 -0400, Ben Johnson wrote: > Hi, everyone! > > Recently, I noticed that fail2ban stopped banning IP addresses (this was > after a system reboot). > > I examined the log at /var/log/fail2ban.log and find: > > fail2ban.comm : WARNING Command ['set', 'apache-badbots', > 'addlogpath', '/var/log/ispconfig/httpd/example.com/access.log'] has > failed. Received IOError(2, 'No such file or directory') > > I know why the log file doesn't exist (there's a "dangling" symlink that > points to a file that doesn't exist, which is actually expected in this > case), and that's not my concern. > > I'm just wondering if this type of error is "fatal"? It doesn't seem so, > because the fail2ban daemon does "start" and continues to run in the > background, but I see no evidence that fail2ban does any banning. And > the contents of the fail2ban log do not grow after the above error. > > I created an empty file so that the above-mentioned symlink points to a > real (though empty) log file, and the error disappears. Then I see the > fail2ban log filling-up, and everything is back to normal. > > If this error does actually cause fail2ban not to function at all, then > might I suggest skipping non-existing log files that are added via > "globbing" (using an asterisk (*) in the log path within the jail > definition) when the files don't exist? > > If this type of skipping already happens, then is it possible that the > "dangling" symlink pointing to a non-existent file is a different > situation that requires different handling? > > Thanks for any help here, > > -Ben > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |