Hi,

I am using fail2ban for Freeswitch (security). I was running it for about one year and it was working perfectly. Suddenly it stopped working, I did not make any centos update (I am running cetos 5.8), I did not make any other modification.

In log file I can not see any problems. What could be a reason for this behaviour, where should I be looking for troubles, could be to big FS log file problem?

Thanks!

Miha

My configuration:

jail.conf

(in the end of file)

[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /usr/local/freeswitch/log/freeswitch.log
maxretry = 10
action   = iptables-allports[name=freeswitch, protocol=all]
           sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org]


filter.d/freeswitch.conf

# Fail2Ban configuration file
#
# Author: Rupa SChomaker
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =


log:

2012-10-24 12:58:48,619 fail2ban.server : INFO   Exiting Fail2ban
2012-10-24 12:58:52,069 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2012-10-24 12:58:52,070 fail2ban.jail   : INFO   Creating new jail 'freeswitch'
2012-10-24 12:58:52,071 fail2ban.jail   : INFO   Jail 'freeswitch' uses Gamin
2012-10-24 12:58:52,086 fail2ban.filter : INFO   Added logfile = /usr/local/freeswitch/log/freeswitch.log
2012-10-24 12:58:52,087 fail2ban.filter : INFO   Set maxRetry = 10
2012-10-24 12:58:52,088 fail2ban.filter : INFO   Set findtime = 600
2012-10-24 12:58:52,088 fail2ban.actions: INFO   Set banTime = 600
2012-10-24 12:58:52,101 fail2ban.jail   : INFO   Jail 'freeswitch' started
2012-10-24 13:06:27,039 fail2ban.filter : INFO   Log rotation detected for /usr/local/freeswitch/log/freeswitch.log
[root@fs1 filter.d]#



[root@fs1 filter.d]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
fail2ban-freeswitch  all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain fail2ban-freeswitch (1 references)
target     prot opt source               destination        
RETURN     all  --  anywhere             anywhere           
[root@fs1 filter.d]#