Re: [Fail2ban-users] Fail2ban stops working after installing sysstat

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

interesting!

I wonder if things worked just fine with sysstat and some other backend
than pyinotify (e.g. polling).

NB I would have tried myself but on Debian systems sysstat uses
   /var/log/sysstat/ directory, not a file under /var/log .
   Since your problem might be somehow distribution specific, might
   have been worth first checking with fail2ban maintainer in arch, if
   there is such a person...

also what  is the output of

fail2ban-client status sshd
fail2ban-client status sshd-ddos

is that /var/log/sa get's listed in any of those?

On Fri, 25 Jan 2013, Neil Darlow wrote:

> Hi Fabian,

> On Friday 25 January 2013 15:31:52 Fabian Wenk wrote:
> > Check the logpath= option for your sshd-ddos jail, something
> > seems to be wrong there.

> Thank you for responding.

> My jail.conf entries all have "enabled = false" so nothing to see there.

> My jail.local just contains:

> [DEFAULT]
> bantime = 10800
> usedns = no

> [sshd]
> enabled = true
> filter  = sshd
> action  = shorewall
> logpath = /var/log/auth.log

> [sshd-ddos]
> enabled = true
> filter  = sshd-ddos
> action  = shorewall
> logpath = /var/log/auth.log

> Additionally, I did:

> cd /etc/fail2ban
> find . -type f -exec grep -Hi 'var/log/sa' '{}' ';'

> which produced no output.

> I can't see why fail2ban would want to go into /var/log/sa from my 
> configuration, hence my question.

-- 
Yaroslav O. Halchenko
Postdoctoral Fellow,   Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        