From: Alex P. <al...@er...> - 2005-09-23 13:30:16
|
Hi I've installed fail2ban on debian unstable (fail2ban 0.5.3-1), and i'm having a problem getting fail2ban to ban anything, even when I deliberately flood the log from a test host. I've enabled debug and it gives me: 2005-09-23 14:19:55,355 DEBUG: [logreader.py (134)] /var/log/auth.log 2005-09-23 14:19:55,357 DEBUG: [logreader.py (122)] Setting file position to 828016L for /var/log/auth.log 2005-09-23 14:22:19,558 DEBUG: [logreader.py (106)] /var/log/auth.log has been modified 2005-09-23 14:22:19,591 DEBUG: [logreader.py (134)] /var/log/auth.log 2005-09-23 14:22:19,662 DEBUG: [logreader.py (122)] Setting file position to 828091L for /var/log/auth.log 2005-09-23 14:25:10,233 DEBUG: [logreader.py (106)] /var/log/auth.log has been modified 2005-09-23 14:25:10,647 DEBUG: [logreader.py (134)] /var/log/auth.log 2005-09-23 14:25:10,650 DEBUG: [logreader.py (122)] Setting file position to 828185L for /var/log/auth.log 2005-09-23 14:27:18,961 DEBUG: [logreader.py (106)] /var/log/auth.log has been modified 2005-09-23 14:27:18,965 DEBUG: [logreader.py (134)] /var/log/auth.log 2005-09-23 14:27:18,969 DEBUG: [logreader.py (122)] Setting file position to 828279L for /var/log/auth.log Is this similar to the bug that's currently open about spurious log-rotation? Or have I just misconfigured something. Regards Alex |
From: Cyril J. <cyr...@bl...> - 2005-09-24 13:06:10
|
Hi, > 2005-09-23 14:19:55,355 DEBUG: [logreader.py (134)] /var/log/auth.log > 2005-09-23 14:19:55,357 DEBUG: [logreader.py (122)] Setting file > position to 828016L for /var/log/auth.log > 2005-09-23 14:22:19,558 DEBUG: [logreader.py (106)] /var/log/auth.log > has been modified > 2005-09-23 14:22:19,591 DEBUG: [logreader.py (134)] /var/log/auth.log > 2005-09-23 14:22:19,662 DEBUG: [logreader.py (122)] Setting file > position to 828091L for /var/log/auth.log > 2005-09-23 14:25:10,233 DEBUG: [logreader.py (106)] /var/log/auth.log > has been modified > 2005-09-23 14:25:10,647 DEBUG: [logreader.py (134)] /var/log/auth.log > 2005-09-23 14:25:10,650 DEBUG: [logreader.py (122)] Setting file > position to 828185L for /var/log/auth.log > 2005-09-23 14:27:18,961 DEBUG: [logreader.py (106)] /var/log/auth.log > has been modified > 2005-09-23 14:27:18,965 DEBUG: [logreader.py (134)] /var/log/auth.log > 2005-09-23 14:27:18,969 DEBUG: [logreader.py (122)] Setting file > position to 828279L for /var/log/auth.log > > Is this similar to the bug that's currently open about spurious > log-rotation? No, I don't think it is the same bug. The message "Setting file position to ####L for /var/log/auth.log" should appear only when "/var/log/auth.log" is modified. You can do a "tail -f /var/log/fail2ban.log" and try to log from another computer and look if Fail2ban detects a modification in "auth.log". > Or have I just misconfigured something. Could you post an example of a login failure available in "auth.log" please? Could you post your "/etc/fail2ban.conf" file too? I won't be online for the next 2 weeks. Sorry :( Maybe Yaroslav could help you. Regards, Cyril Jaquier |