Hi Bill, Which program does the rotation of the logfile? Do you use logrotate? Because if you do you could just log always to the same file which is declared in the fail2ban config.
Let's call this file "latest.log". Every day at midnight logrotate rotates the log to a daily file. Hint: Use the copytruncate statement to avoid errors. Then you just give fail2ban the path to "latest.log". Greetz, ~Josef Am 27.09.2014 um 21:14 schrieb William Lewis: > Hello all, > > I have been using Fail2Ban for about a year now and love what it does. > I started out using most of the default jails, just turning on those > that applied to my system. > > Recently I branched out and made my own jail for a unique program that > runs on my server 24/7/365. > > As Fail2Ban runs, it reads the log and works perfectly for failed > login attempts. > > The issue I have, is that the program on my server makes log file > names that use the date, and then starts a new log at midnight, and > use a new log file name. So, my log file names rotate at midnight. > > The log file names (with directory) look like this: > > */programs/snth/24Sept14 > /programs/snth/25Sept14 > /programs/snth/26Sept14 > /programs/snth/27Sept14 > > *My jail looks for files and directories with this syntax > "*/programs/snth/*14" > *(I could just use "*" in place of "*14" as the 14 denotes the year 2014.) > > What happens when Fail2Ban first runs is, Fail2Ban can see /_all the > currently created logs_/. > > As midnight comes and goes and a new log file (with a new name) is > created, Fail2Ban does not see this newly created log and so Fail2Ban > is not scanning it. > > So, my question is... Is there a way that I can configure Fail2Ban to > be looking for newly created logs that weren't there when Fail2Ban was > first run? > > Right now, I have to reload/restart Fail2Ban daily so it can look for > any new logs. But, that also then creates several emails to me (15 > stopped jails, then 15 started jails, for 30 emails), and doesn't > catch potential intruders in real time until I restart Fail2Ban. > > Anyone have any ideas I'd be very appreciative. > > Thanks, > Bill > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > > > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
