From: Keith C. <kei...@gm...> - 2012-03-17 15:45:14
|
Hello, Fail2ban List Members, Two days ago, I installed fail2ban-0.8.4-23.el5 on a CentOS 5.2 server to mitigate DDOS attacks against named. fail2ban works well, except it stops processing (apparently) right after the daily log rotation of /var/log/fail2ban.log at 4:02am. Pgrep shows that the process is still running.......... [kchristian@foo ~]$ pgrep -fl fail2ban 13680 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x ..........but there is absolutely nothing in the log file, even hours later (e.g. I checked it at 7am the day after installation, the log file was zero bytes with a timestamp of 4:02 am.) To see what the fail2ban process was doing, having written nothing to the log for several hours, I ran "strace" this morning before fail2ban was restarted: Process 13680 attached - interrupt to quit 07:41:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:41:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:41:46 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 07:42:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:42:16 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 07:42:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:42:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:42:46 poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 07:43:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:43:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 07:43:16 poll( <unfinished ...> Any guidance from you on this list why the fail2ban log rotation would impair the fail2ban process? Thanks. Keith |
From: Yaroslav H. <li...@on...> - 2012-03-17 19:31:22
|
could you give a shout to more recent release (0.8.6) or current git master to verify if issue persists in recent versions? Thanks in advance On Sat, 17 Mar 2012, Keith Christian wrote: > Hello, Fail2ban List Members, > Two days ago, I installed fail2ban-0.8.4-23.el5 on a CentOS 5.2 server > to mitigate DDOS attacks against named. > fail2ban works well, except it stops processing (apparently) right > after the daily log rotation of /var/log/fail2ban.log at 4:02am. > Pgrep shows that the process is still running.......... > [kchristian@foo ~]$ pgrep -fl fail2ban > 13680 /usr/bin/python /usr/bin/fail2ban-server -b -s > /var/run/fail2ban/fail2ban.sock -x > ..........but there is absolutely nothing in the log file, even hours > later (e.g. I checked it at 7am the day after installation, the log > file was zero bytes with a timestamp of 4:02 am.) > To see what the fail2ban process was doing, having written nothing to > the log for several hours, I ran "strace" this morning before fail2ban > was restarted: > Process 13680 attached - interrupt to quit > 07:41:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:41:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:41:46 poll([{fd=3, > events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 > 07:42:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:42:16 poll([{fd=3, > events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 > 07:42:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:42:46 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:42:46 poll([{fd=3, > events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 1, 30000) = 0 > 07:43:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:43:16 futex(0xa070338, FUTEX_WAKE, 1) = 0 > 07:43:16 poll( <unfinished ...> > Any guidance from you on this list why the fail2ban log rotation would > impair the fail2ban process? > Thanks. > Keith > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users -- =------------------------------------------------------------------= Keep in touch www.onerussian.com Yaroslav Halchenko www.ohloh.net/accounts/yarikoptic |