On Thu, 28 Feb 2008, Cyril Jaquier wrote:
> Hi James, Hi Yaroslav,
> > > Starting at 12am on February 29, fail2ban started taking 100% CPU.
> > > Successive restarts did nothing, and the same is happening on another
> > > machine as well. strace isn't helpful, it just reports:
> > > gettimeofday({1204217132, 583543}, NULL) = 0
> > > futex(0x81522b0, FUTEX_WAKE, 1) = 0
> > > select(0, NULL, NULL, NULL, {0, 50000}) = 0 (Timeout)
> > > futex(0x81522b0, FUTEX_WAIT, 0, NULL) = 0
> > > futex(0x81522b0, FUTEX_WAKE, 1) = 0
> >
>
> This is maybe because fail2ban is multi-threaded and strace only look at the
> main thread.
>
> James, could you set the log level to 4? Use:
>
> # fail2ban-client set loglevel 4
>
> and look at /var/log/fail2ban.log. I suspect the "log rotation" algorithm
> here. I rewrote it completely a few weeks ago and have it running on one of my
> server. Let's wait a few hours ;)
There's lots of
2008-02-29 02:53:50,383 fail2ban.filter : DEBUG Found a match but no valid
date/time found for Feb 29 02:53:24 mooneye postfix/smtpd[3075]: NOQUEUE:
reject: RCPT from unknown[190.84.215.168]: 450 4.7.1 <[EMAIL PROTECTED]>:
Recipient address rejected: Greylisted, see
http://isg.ee.ethz.ch/tools/postgrey/help/ucc.gu.uwa.edu.au.html; from=<[EMAIL
PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
helo=<casa-ac30b5fab4.cable.net.co>. Please contact the author in order to get
support for this format
on one server, and on the other
2008-02-29 02:56:00,000 fail2ban.filter : DEBUG Found a match but no valid
date/time found for Feb 29 00:18:38 martello sshd[8303]: error: PAM:
Authentication failure for rvvs89 from 202-89-167-243.static.dsl.amnet.net.au.
Please contact the author in order to get support for this format
> P.S. Does a restart solve the problem?
No, that was the first thing I tried.
--
# TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
[ "There's nobody getting rich writing ]| -- Collect and hide your |
[ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux #231 /
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
