The SNTH program controls and writes its own log files. I have no way to
control the name of the log.
Bill
At 01:25 PM 09/27/14, you wrote:
Hi Bill,
Which program does the rotation of the logfile? Do you use logrotate?
Because if you do you could just log always to the same file which is
declared in the fail2ban config.
Let's call this file "latest.log". Every day at midnight logrotate rotates
the log to a daily file. Hint: Use the copytruncate statement to avoid
errors. Then you just give fail2ban the path to "latest.log".
Greetz,
~Josef
On 27.09.2014 at 21:14, William Lewis wrote:
Hello all,
I have been using Fail2Ban for about a year now and love what it does. I
started out using most of the default jails, just turning on those that
applied to my system.
Recently I branched out and made my own jail for a unique program that
runs on my server 24/7/365.
As Fail2Ban runs, it reads the log and works perfectly for failed login
attempts.
The issue I have is that the program on my server makes log file names
that use the date, and then starts a new log at midnight, and uses a new
log file name. So, my log file names rotate at midnight.
The log file names (with directory) look like this:
/programs/snth/24Sept14
/programs/snth/25Sept14
/programs/snth/26Sept14
/programs/snth/27Sept14
My jail looks for files and directories with this syntax "/programs/snth/*14"
(I could just use "*" in place of "*14" as the 14 denotes the year 2014.)
What happens when Fail2Ban first runs is, Fail2Ban can see all the
currently created logs.
As midnight comes and goes and a new log file (with a new name) is
created, Fail2Ban does not see this newly created log and so Fail2Ban is
not scanning it.
So, my question is... Is there a way that I can configure Fail2Ban to be
looking for newly created logs that weren't there when Fail2Ban was first run?
Right now, I have to reload/restart Fail2Ban daily so it can look for any
new logs. But, that also then creates several emails to me (15 stopped
jails, then 15 started jails, for 30 emails), and doesn't catch potential
intruders in real time until I restart Fail2Ban.
Anyone have any ideas? I'd be very appreciative.
Thanks,
Bill
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
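
One way to pick up each new date-named log without restarting Fail2Ban, as an added example that is not part of the original thread: a cron-driven script that calls `fail2ban-client set <JAIL> addlogpath` and `dellogpath` on the running jail. The jail name `snth`, the state-file path and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: jail "snth",
# the state file path, and this script's name in the cron entry.
# cron (every minute): f2b-newlog.sh snth /programs/snth /var/run/f2b-snth.last

F2B="${F2B:-fail2ban-client}"   # overridable so the logic can be tested offline

# Print the most recently modified regular file in directory $1 (blank if none).
newest_log() {
    newest=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    printf '%s\n' "$newest"
}

# Jail $1, log directory $2, state file $3 (keep it outside the log directory).
# Adds the newest log to the running jail when it differs from the one recorded
# in the state file, then drops the previous one. Prints the action taken.
sync_logpath() {
    jail=$1; dir=$2; state=$3
    new=$(newest_log "$dir")
    if [ -z "$new" ]; then echo "no-log"; return 0; fi
    old=""
    if [ -f "$state" ]; then old=$(cat "$state"); fi
    if [ "$new" = "$old" ]; then echo "unchanged"; return 0; fi
    "$F2B" set "$jail" addlogpath "$new" >/dev/null || return 1
    if [ -n "$old" ]; then
        "$F2B" set "$jail" dellogpath "$old" >/dev/null || true
    fi
    printf '%s\n' "$new" > "$state"
    echo "added $new"
}

# Run only when called with the three arguments shown in the cron line above.
if [ "$#" -eq 3 ]; then
    sync_logpath "$1" "$2" "$3"
fi
```

Because the jail is modified in place, no stop/start notifications are sent and the new log is scanned within one cron interval of its creation.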