[How to] Fail2ban on CentOS 7
-
Seems like Fail2Ban stops logging after a log rotation. Anyone else run into this?
-
@Danp said:
Seems like Fail2Ban stops logging after a log rotation. Anyone else run into this?
I don't think Fail2ban likes log rotate.
-
@thecreativeone91 said:
I don't think Fail2ban likes log rotate.
Looks that way. I found this, but it's for an older version of both F2B and Centos.
-
Added "copytruncate" to the F2B logrotate configuration file and then ran a manual log rotation. Seemed to work ok (system is still logging to fail2ban.log), but I will continue to monitor.
-
When I do
fail2ban-client status sshd
I get
[root@dc fail2ban]# fail2ban-client status sshd
ERROR NOK: ('sshd',)
Sorry but the jail 'sshd' does not existWhen I check the audit logs I get logs....
-
@Sparkum What do you get when you enter the following?:
fail2ban-client status -
[root@dc fail2ban]# fail2ban-client status
Status
|- Number of jail: 0
`- Jail list: -
Did you follow the steps and create the jail.local file?
-
-
Noticed the problem happened below.
Changed "enabled" to "enable" and looks like it works.
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
|- File list: /var/log/secure- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:Much appreciated thanks
-
@Sparkum That's strange, b/c I believe "enabled" is the correct entry.
