Kingsley, I just spent the last four days troubleshooting an issue with logwatch (I know, just wait for it) on a Fedora 20 machine where my logwatch email stopped giving me most of the information that I wanted. This was the day after a kernel update, and I had installed some TeX programs as well. I thought it might have been an SELinux problem, but I was not getting any AVC messages; a couple of days reading about SELinux and I decided that was not the problem. I was not suspecting anything else because 2 of my jails were working normally and one of the other two was getting less activity but still working. Rolling back everything that I just installed didn't work either, nor did rolling back the kernel. I relabeled the file system again, without help. Then (here it is) I found the rsyslog service was stopped, so systemd was not exporting messages to the syslog files where logwatch (and fail2ban) does most of its looking. I'm not saying this is your problem, but it is a place to look. I monitor my logs with the journalctl commands so everything looked good to me, but logwatch and fail2ban were not seeing all the messages.

On Tue, 2015-06-02 at 14:12 -0400, Kingsley Hill wrote:
> I have fail2ban working to protect my Asterisk servers. Almost
> everything works like it should. When I change any fail2ban
> configuration file and restart fail2ban (or reload it) (Fedora 21,
> using IPTables) the appropriate miscreants are sent to IPTables Hell
> and all is right with the world. BUT, that is the end of it. When a
> new miscreant comes along and attacks my server I see the several
> (retry limit is 4) new entries in the log file (findtime is a day) and
> they aren’t coming particularly quickly (a few seconds to a minute in
> between attempts), but fail2ban doesn’t do anything. It does not
> appear to be reading the log file on a regular basis (reported to be
> every second). I assume fail2ban goes out, looks at the log file for
> its time or size and if those numbers have changed it re-reads the
> file or a part of it. Whatever it is doing, it isn’t for Asterisk.
> The same instance of fail2ban is doing a fine job of sending the ssh
> demons back to Hell so it is running.
>
> If I run:
>
> fail2ban-client get asterisk logpath
>
> I get:
>
> No file is currently monitored
>
> And the fail2ban debug log says:
>
> fail2ban.server [18925]: INFO Jail asterisk is not a FileFilter instance
>
> So…what am I doing wrong?
>
> Thanks.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
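
The three checks this thread points at (is rsyslog running, does the jail report a monitored file, is the log file still being written), as an added example that is not part of the original messages. The jail name and log path are passed as arguments because the thread does not give the Asterisk log path, the one-hour freshness threshold is an arbitrary assumption, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread): triage for a jail that stops banning.
# Usage: sh triage.sh <jail> <logfile>   e.g. sh triage.sh asterisk /path/to/log

# Return 0 if the text printed by `fail2ban-client get <jail> logpath` names
# a file, 1 if it is empty or carries the message quoted in the thread.
jail_has_logpath() {
    case "$1" in
        ""|*"No file is currently monitored"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if file $1 was modified within the last $2 seconds, 1 otherwise.
log_is_fresh() {
    [ -f "$1" ] || return 1
    lf_now=$(date +%s)
    lf_mtime=$(stat -c %Y "$1") || return 1
    [ $(( lf_now - lf_mtime )) -le "$2" ]
}

triage() {
    # A stopped rsyslog means journald still has the events (journalctl looks
    # fine) while the syslog files that fail2ban reads stop growing.
    if systemctl is-active --quiet rsyslog; then
        echo "rsyslog: running"
    else
        echo "rsyslog: NOT running, syslog files are not being fed"
    fi

    if jail_has_logpath "$(fail2ban-client get "$1" logpath 2>&1)"; then
        echo "jail $1: monitoring a log file"
    else
        echo "jail $1: no file monitored, check logpath/backend in the jail config"
    fi

    # 3600 s is an assumed threshold; pick one that matches the server's traffic.
    if log_is_fresh "$2" 3600; then
        echo "$2: written within the last hour"
    else
        echo "$2: missing or stale, nothing is writing to it"
    fi
}

# Run the checks only when a jail name and a log path are supplied.
if [ "$#" -ge 2 ]; then triage "$1" "$2"; fi
```
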
