You should only get your week of peace from the recidive Ban and not the Found. Found means it has found one instance matching the recidive filter in your log, but your recidive jail needs 3 Found messages in 1 day, before it will ban for a week. You should get your week of peace from 2016-10-05 10:20:42 (ignoring the sshd Unban).
Nick On 2016-10-05 12:45, Jean-Max Reymond wrote: > Hi, > In my log files, I have these messages. So, with the message [recidive] > Found 218.65.30.56, I am expecting one week of peace. > What's wrong ? > thanks for your tips, > > 2016-10-05 09:37:28,735 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:37:30,594 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:37:49,092 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:37:51,503 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:37:59,486 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:38:00,328 fail2ban.actions [13357]: NOTICE [sshd] > Ban 218.65.30.56 > 2016-10-05 09:38:00,333 fail2ban.filter [13357]: INFO > [recidive] Found 218.65.30.56 > 2016-10-05 09:38:02,258 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 09:48:00,332 fail2ban.actions [13357]: NOTICE [sshd] > Unban 218.65.30.56 > 2016-10-05 10:04:48,679 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:04:51,016 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:05:02,766 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:05:06,019 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:05:09,782 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:05:10,698 fail2ban.actions [13357]: NOTICE [sshd] > Ban 218.65.30.56 > 2016-10-05 10:05:10,699 fail2ban.filter [13357]: INFO > [recidive] Found 218.65.30.56 > 2016-10-05 10:05:11,336 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:15:10,794 fail2ban.actions [13357]: NOTICE [sshd] > Unban 218.65.30.56 > 2016-10-05 10:20:25,425 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:20:27,731 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:20:29,960 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:20:38,750 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:20:41,835 fail2ban.filter [13357]: INFO [sshd] > Found 218.65.30.56 > 2016-10-05 10:20:42,379 fail2ban.actions [13357]: NOTICE [sshd] > Ban 218.65.30.56 > 2016-10-05 10:20:42,385 fail2ban.filter [13357]: INFO > [recidive] Found 218.65.30.56 > 2016-10-05 10:20:42,846 fail2ban.actions [13357]: NOTICE > [recidive] Ban 218.65.30.56 > 2016-10-05 10:30:42,460 fail2ban.actions [13357]: NOTICE [sshd] > Unban 218.65.30.56 > > > My jail.local file (ubuntu 16.04 LTS) > [recidive] > > enabled = true > logpath = /var/log/fail2ban.log > banaction = iptables-allports > bantime = 604800 ; 1 week > findtime = 86400 ; 1 day > maxretry = 3 > > > [sshd] > > enabled = true > port = ssh > logpath = %(sshd_log)s > maxretry = 5 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
