[Fail2ban-users] "Dangling" symlink to log file path that contains wildcard (*) causes fail2ban not to ban

[Ben J. <be...@in...>]

Hi, everyone!

Recently, I noticed that fail2ban stopped banning IP addresses (this was
after a system reboot).

I examined the log at /var/log/fail2ban.log and find:

fail2ban.comm   : WARNING Command ['set', 'apache-badbots',
'addlogpath', '/var/log/ispconfig/httpd/example.com/access.log'] has
failed. Received IOError(2, 'No such file or directory')

I know why the log file doesn't exist (there's a "dangling" symlink that
points to a file that doesn't exist, which is actually expected in this
case), and that's not my concern.

I'm just wondering if this type of error is "fatal"? It doesn't seem so,
because the fail2ban daemon does "start" and continues to run in the
background, but I see no evidence that fail2ban does any banning. And
the contents of the fail2ban log do not grow after the above error.

I created an empty file so that the above-mentioned symlink points to a
real (though empty) log file, and the error disappears. Then I see the
fail2ban log filling-up, and everything is back to normal.

If this error does actually cause fail2ban not to function at all, then
might I suggest skipping non-existing log files that are added via
"globbing" (using an asterisk (*) in the log path within the jail
definition) when the files don't exist?

If this type of skipping already happens, then is it possible that the
"dangling" symlink pointing to a non-existent file is a different
situation that requires different handling?

Thanks for any help here,

-Ben