From: Klaus L. <leh...@t-...> - 2008-05-17 11:19:58
|
hi today, saturday, I wasn't connected ty my server, I get 9x emails from server: service_xyz_fail2ban stopped (there are 9 services) [11.30h] after 2 seconds there arrives me 9x emails: service_xyz_fail2ban started whats the hell there was happens? found nothing(!) in warn_logs, mailings_logs nothing means: no warning advies, no more attacks like normal [the stupid world_bot_net stops their attacks on may 14th....] no sign of an attack. and ofcourse: no reboot of server [this could be happens; I think 1-3 x per year...] AND: there was NO old fail2ban_log. it started with a new log, on 11.30 (today) here's 1st lines: 2008-05-17 11:30:40,020 fail2ban.comm : DEBUG Command: ['ping'] 2008-05-17 11:30:40,516 fail2ban.comm : DEBUG Command: ['stop', 'all'] 2008-05-17 11:30:40,839 fail2ban.actions: DEBUG Flush ban list 2008-05-17 11:30:40,839 fail2ban.actions: WARNING [apache-http11] Unban 12.345.678.9 2008-05-17 11:30:40,839 fail2ban.actions.action: DEBUG iptables -n -L INPUT | grep -q fail2ban-http11 2008-05-17 11:30:40,851 fail2ban.actions.action: DEBUG iptables -n -L INPUT | grep -q fail2ban-http11 returned suc2008-05-17 11:30:40,852 fail2ban.actions.action: DEBUG iptables -D fail2ban-http11 -s 12.345.678.9 -j DROP 2008-05-17 11:30:40,860 fail2ban.actions.action: DEBUG iptables -D fail2ban-http11 -s 66.246.163.107 -j DROP retur2008-05-17 11:30:40,860 fail2ban.actions.action: DEBUG Nothing to do and I beg it sometimes: no sign of which version started now. and no sign, that fail2ban is started. please assume, that this would be a long log. YOU can't see, fail2ban stopped [if fail2ban cracks down, ok, there would be no entry], BUT there must (please) be an entry, that fail2ban is started (really, its VERY certain; not only for me...) ----> IDEA ======== cyril asked me to patch, and I patched: asyncore-use-poll (may 15th, 2008) fail2ban runs with this unoffical patch. is this patch responsible for restarting??? it would be VERY fine. [but: please, don't kill oled logfiles, and write down: fail2ban version 0.8.2 # $Revision: 672 $ svn is starting thanks a lot. yours klaus |
From: Yaroslav H. <li...@on...> - 2008-05-18 03:52:09
|
may be it was logrotate? On Sat, 17 May 2008, Klaus Lehmann wrote: > hi > today, saturday, I wasn't connected ty my server, > I get 9x emails from server: > service_xyz_fail2ban stopped (there are 9 services) [11.30h] -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] |
From: Klaus L. <leh...@t-...> - 2008-05-18 09:26:12
|
On Sat, 17 May 2008 23:52:07 -0400, Yaroslav Halchenko wrote: <cit>may be it was logrotate? no. (there's also a logrotate acive, but, only once a month. and I have reported this error several times.) I think, it fail2ban. thanks. klaus |
From: Cyril J. <cyr...@fa...> - 2008-05-21 22:48:20
|
Hi Klaus, > cyril asked me to patch, and I patched: > asyncore-use-poll (may 15th, 2008) > fail2ban runs with this unoffical patch. > > is this patch responsible for restarting??? > it would be VERY fine. > [but: please, don't kill oled logfiles, and write down: fail2ban > version 0.8.2 # $Revision: 672 $ svn is starting > asyncore-use-poll is not responsible for restarting. It should just avoid those "Unknown error 514". Moreover, fail2ban does not remove, erase or clear any log files. So the problem should be somewhere else. Regards, Cyril |