Hello John,
You may find that "man syslog" or "man logger" gives the meanings of
the levels, which I think tend to be consistent amongst many logging processes.
You've not told us which log file (or files) grew large, or over what period, or how much
network activity there is and how much appears to be malicious. On my system, with
/var/log/fail2ban.log recording "INFO", there is little logging activity - perhaps 100KiB
per week. Changing the level to "NOTICE" should tell you when bans are applied or
removed.
If you already have logging set to "notice", then perhaps something is generating messages
that you do not really want to retain, and you should check your configuration to find the culprit. In
another post, it was asked how this problem might be approached. It may be that "awk" and
"sort" are your friends here - something like this:
    awk '{ print $NF }' /var/log/fail2ban.log | sort | uniq --count | sort -nk1 | less
This should show the addresses that have been found most frequently.
Feel free to use iptables (or whatever) to block those addresses so that
fail2ban does not see or report them again, or extend the fail2ban banning
period to reduce recurrence.
I hope that this helps,
--
Graham
Net (n): holes tied together with string.
On Mon, 5 Mar 2018, Rose, John B wrote:
Date: Mon, 5 Mar 2018 19:45:50
From: "Rose, John B" <[email protected]>
To: "[email protected]"
<[email protected]>
Subject: [Fail2ban-users] Explanation of fail2ban loglevel's?
Looking around we haven't found a detailed explanation of the
different "loglevel" options
Can someone point us to one?
"Notice" filled up our disk very quickly
We just want it to log when something is "banned"
and/or a suggested level
Thanks
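
Added example, not part of the original message: a variant of the awk pipeline above that first counts lines per log level (to see which level is producing the volume) and then counts Found/Ban/Unban events per jail and address, without relying on the address being the last field. The sample lines are constructed, and the line layout and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample lines; the assumed layout is
#   date time logger [pid]: LEVEL [jail] Action address ...
sample_log() {
cat <<'EOF'
2018-03-05 19:40:01,101 fail2ban.filter [812]: INFO [sshd] Found 192.0.2.10
2018-03-05 19:40:03,250 fail2ban.filter [812]: INFO [sshd] Found 192.0.2.10
2018-03-05 19:40:05,007 fail2ban.filter [812]: INFO [sshd] Found 192.0.2.10
2018-03-05 19:40:05,310 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.10
2018-03-05 19:41:12,600 fail2ban.filter [812]: INFO [sshd] Found 198.51.100.7
2018-03-05 19:50:05,900 fail2ban.actions [812]: NOTICE [sshd] Unban 192.0.2.10
2018-03-05 19:51:00,000 fail2ban.actions [812]: WARNING [sshd] 203.0.113.5 already banned
EOF
}

# Lines per level: shows which level is producing the volume.
count_levels() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(DEBUG|INFO|NOTICE|WARNING|ERROR|CRITICAL)$/) { n[$i]++; break }
        }
    }
    END { for (l in n) print n[l], l }' | LC_ALL=C sort -k1,1nr -k2
}

# Found/Ban/Unban events per jail and address. The address is taken as the
# field after the action word, not as the last field on the line.
count_events() {
    awk '{
        for (i = 2; i < NF; i++) {
            if ($i ~ /^(Found|Ban|Unban)$/ && substr($(i-1), 1, 1) == "[") {
                n[$(i-1) " " $i " " $(i+1)]++
                break
            }
        }
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the sample; for a real log: count_events < /var/log/fail2ban.log
sample_log | count_levels
sample_log | count_events
```
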
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users