Re: [Monitorix-general] Bug in 3.12.0
Monitorix is a system monitoring tool
Brought to you by:
mikaku
Menu
▾
▴
Re: [Monitorix-general] Bug in 3.12.0
|
From: Jordi S. <jo...@fi...> - 2020-02-27 12:02:43
|
Hello Frank, I've CCed Andreas 'Izzy' the package maintainer for Debian systems, to let him know about this issue. On 2/27/20 11:56 AM, Frank B wrote: > This looked strange to me, since I've disabled the postfix-rbl jail. > Activating this jail and reloading fail2ban stopped the warnings. As far > as I know there were no changes on my system, so I started digging > deeper and found in apt's history.log: > > === > Start-Date: 2020-02-24 09:28:55 > Commandline: apt upgrade > Upgrade: monitorix:amd64 (3.11.0-izzy1, 3.12.0-izzy1) > End-Date: 2020-02-24 09:28:57 > === > > Notice the timestamps of the first warning and the upgrade of Monitorix > to 3.12.0. The new warnings in the fail2ban log are probably due the fact that since 3.12, Monitorix uses by default the command 'fail2ban-client' to know about the number of IP bans per jail. It looks like such command routes directly these warnings to the fail2ban log. > In monitorix.conf [postfix-rbl] was enabled in the fail2ban graph > section. Disabling this and disabling the postfix-rbl jail again (the > host of my VPS has limited the number of IP packet filtering entries, so > I have to be very selective with my jail setup) fixed the situation. As > an added "bonus" I lost the history of my fail2ban graph in Monitorix; > all data in the graph before the upgrade is gone. The other graphs are fine. As stated in the manpage: "WARNING: Every time the number of entries in this option changes, Monitorix will resize the fail2ban.rrd file accordingly, removing all historical data." Monitorix creates automatically a backup of the old file, so you should have all your historical data in the file '/var/lib/monitorix/fail2ban.rrd.bak'. Just rename that file and reset the number of configured jails in Monitorix to match with that file, and you will continue enjoying your historical data. > Summary: a disabled jail in fail2ban but enabled in the fail2ban graph > section of Monitorix floods fail2ban.log with warnings. I did not try to > reproduce this issue with other jails. Yes apparently this is a fail2ban feature (perhaps configurable). To make sure, just try to force a warning in the fail2ban log by requesting information of an nonexistent jail, like this: 'fail2ban-client status jailnotexistent'. Regards. -- Jordi Sanfeliu FIBRANET Network Services Provider https://www.fibranet.cat |
