From: Yaroslav H. <li...@on...> - 2013-01-25 18:45:37
|
interesting! I wonder if things worked just fine with sysstat and some other backend than pyinotify (e.g. polling). NB I would have tried myself but on Debian systems sysstat uses /var/log/sysstat/ directory, not a file under /var/log . Since your problem might be somehow distribution specific, might have been worth first checking with fail2ban maintainer in arch, if there is such a person... also what is the output of fail2ban-client status sshd fail2ban-client status sshd-ddos is that /var/log/sa get's listed in any of those? On Fri, 25 Jan 2013, Neil Darlow wrote: > Hi Fabian, > On Friday 25 January 2013 15:31:52 Fabian Wenk wrote: > > Check the logpath= option for your sshd-ddos jail, something > > seems to be wrong there. > Thank you for responding. > My jail.conf entries all have "enabled = false" so nothing to see there. > My jail.local just contains: > [DEFAULT] > bantime = 10800 > usedns = no > [sshd] > enabled = true > filter = sshd > action = shorewall > logpath = /var/log/auth.log > [sshd-ddos] > enabled = true > filter = sshd-ddos > action = shorewall > logpath = /var/log/auth.log > Additionally, I did: > cd /etc/fail2ban > find . -type f -exec grep -Hi 'var/log/sa' '{}' ';' > which produced no output. > I can't see why fail2ban would want to go into /var/log/sa from my > configuration, hence my question. -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |