I use the following settings in /etc/logrotate.d/fail2ban:
/var/log/fail2ban.log {
    missingok
    notifempty
    monthly
    rotate 13
    create 640 root adm
    postrotate
        # have fail2ban reopen its log file after rotation
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 2> /dev/null || true
    endscript
}
I do this because my custom blacklist filter (like recidive) monitors
fail2ban.log:
    logpath = /var/log/fail2ban.*
I also have my auth and nginx logs set to remain uncompressed and roll
over after 13 months.
Granted, mine might not be the 100% right way, but it works for me, and while
there is about a 50% spike in CPU on starting Fail2ban for a few minutes, I
never have any issues with any resources being wasted reading those logs, and my
blacklist is precise because of it.
Kind Regards
Mitchell
On 2018/06/30 07:45:08, zypA13510 <[email protected]> wrote:
Hi,
Could someone give a definitive answer to this question: do I need to configure
fail2ban to monitor the rotated log files in addition to the main log file?
There is a similar question here: https://serverfault.com/q/490138/320744,
but just like everywhere else, it gives me contradictory info.
If I'm not mistaken, the DB referred to in dbpurgeage is used for keeping
failed attempts (or just banned ip)? If so, then as long as I set dbpurgeage
greater than the maximum findtime, I do not need to monitor rotated log files,
and fail2ban will look for any failed attempts from the DB? I want to make sure
I don't waste resources reading an old log for nothing.
Regards,
Yuping Zuo
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech
sites, Slashdot.org!
http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
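
Added example (not part of the original messages, and not fail2ban or logrotate code): a small Python check of how many days of uncompressed history a logrotate stanza like the one above keeps for a recidive-style jail, and whether a logpath glob picks up the rotated files. The function names, the 30-day month, the default numeric rotation suffixes and the treatment of compressed rotations as unreadable are assumptions made for this illustration.

```python
import fnmatch

# Approximate days per logrotate frequency (assumption: a month counts as 30).
PERIOD_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}
SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

# Constructed sample: the stanza quoted in the message above.
SAMPLE = """/var/log/fail2ban.log {
    missingok
    notifempty
    monthly
    rotate 13
    create 640 root adm
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 2> /dev/null || true
    endscript
}"""

def parse_stanza(text):
    """Return {directive: [args]} for one stanza, skipping script bodies."""
    directives, in_script = {}, False
    for line in text[text.index("{") + 1:text.rindex("}")].splitlines():
        words = line.split() or ["#"]
        if in_script:
            in_script = words[0] != "endscript"
        elif words[0] in SCRIPT_OPENERS:
            in_script = True
        elif not words[0].startswith("#"):
            directives[words[0]] = words[1:]
    return directives

def readable_days(text):
    """Days of history kept in uncompressed rotated files (delaycompress: newest only)."""
    d = parse_stanza(text)
    period = next((days for key, days in PERIOD_DAYS.items() if key in d), None)
    if period is None:
        raise ValueError("stanza has no rotation frequency")
    kept = int(d.get("rotate", ["0"])[0])
    if "compress" in d:
        # Assumption: compressed rotations are unreadable to the log monitor.
        kept = min(kept, 1) if "delaycompress" in d else 0
    return period * kept

def unmatched_rotations(text, logpath_glob):
    """Rotated file names (default numeric suffix) that the logpath glob misses."""
    base = text.split("{")[0].strip()
    kept = int(parse_stanza(text).get("rotate", ["0"])[0])
    names = [f"{base}.{i}" for i in range(1, kept + 1)]
    return [n for n in names if not fnmatch.fnmatch(n, logpath_glob)]
```

Compare readable_days() against the jail's findtime expressed in days; a non-empty result from unmatched_rotations() means the glob would skip part of that history.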