On 27-01-18 13:32, Roman Pikalo wrote: > Hello > > I am trying to run fail2ban on my machine. > I have configured it to tail a docker container log file: > > [nginx-http-auth] > > enabled = true > filter = nginx-http-auth > port = http,https > logpath = /var/log/docker/nginx.log > > /var/log/docker/nginx.log is a symlink to real file: > > user@server:~$ ls -la /var/log/docker/nginx.log > lrwxrwxrwx 1 td-agent td-agent 52 Jan 27 08:31 /var/log/docker/nginx.log > -> /var/log/docker/nginx.20180127.b563bdd89a926a0a2.log > > Logfile is being handled by td-agent and symlinked to another file at > midnight and during the day. > <store> > type file > path /var/log/docker/nginx.*.log > symlink_path /var/log/docker/nginx.log > time_slice_format %Y%m%d > time_slice_wait 1m > append true > format single_value > message_key log > </store> > > The issue is that every time nginx.log file gets symlinked to another > file fail2ban gets confused: > 2018-01-27 00:01:54,459 fail2ban.filter : ERROR Unable to open > /var/log/docker/nginx.log > 2018-01-27 00:01:54,459 fail2ban.filter : ERROR [Errno 2] No such file > or directory: '/var/log/docker/nginx.log' > Traceback (most recent call last): > File "/usr/share/fail2ban/server/filter.py", line 491, in getFailures > has_content = container.open() > File "/usr/share/fail2ban/server/filter.py", line 569, in open > self.__handler = open(self.__filename) > IOError: [Errno 2] No such file or directory: ‘/var/log/docker/nginx.log' > > Any ideas how to make fail2ban to follow the new symlinked file ? > > > Ubuntu 14.04.4 LTS > Fail2Ban v0.8.11 >
Maybe this issue might have some useful hints for you? https://github.com/fail2ban/fail2ban/issues/1797 KInd regards, Tom
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
