Looks good, I am getting broadcast messages, I don't know if I am sending any yet. But the jail is working just fine. One thing I do see is you might consider a way to propagate the senders ban time for that jail so we can all share it to cut down on unban noise. Later today I will write a .service file so I can auto start fail2ban cluster. I will post them to the list if any one wants to use them, most everybody hates systemd so it is probably a moot point.
Thanks for the help Harry On Wed, 2015-08-12 at 15:23 -0300, Arturo 'Buanzo' Busleiman wrote: > Sample fail2ban-subscriber messages: > > > Aug 12 12:42:52 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools > Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Ban| > 83.234.207.60 > Aug 12 13:18:36 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools > Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Unban| > 222.186.56.175 > Aug 12 13:48:58 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools > Subscriber: Got equal hostname broadcast. Our hostname is > mx5.mailfighter.net > Aug 12 13:50:29 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools > Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Ban| > 202.195.160.11 > Aug 12 13:53:27 mx5 /fail2ban-subscriber.py[3382]: fail2ban-zmq-tools > Subscriber: Got broadcast message: mx2.mailfighter.net|ssh|Unban| > 43.229.53.81 > > > On 12 Aug 2015 2:21 pm, "Arturo 'Buanzo' Busleiman" > <bua...@buanzo.com.ar> wrote: > > Monitor,Publisher and Subscriber log a startup message. > > Try: grep -E 'monitor|subscriber' /var/log/messages > > > > On 12 Aug 2015 2:17 pm, "Harrison Johnson" > <hjohnson...@cox.net> wrote: > > That makes perfect sense line 6 of configparsing.py > clearly says its looking for fail2ban-cluster.conf I > feel like an idiot. And I am already getting messages. > I do have one additional question since this is > running systemd I don't have an auth.log, I do keep > rsyslog running for the one or two applications I have > that don't like the journal files so everything gets > echoed into var/log/messages and I pointed the > fail2bancluster jail to that log file. But I have no > clue what would normally be logged to auth.log so I > not sure if I am looking in the right place. > > On Wed, 2015-08-12 at 12:32 -0500, Harrison Johnson > wrote: > > > Arturo, > > I am getting pretty close to having it running, I > > have decided that Fedora 21 is not ready for prime > > time. I had to compile the zeromq libraries because > > pip would not recognize the pre-compiled from Fedora > > and refused to install the pyzmq package. I got past > > all that but this I can't figure out. > > > > Traceback (most recent call > > last): > > File > > "/usr/lib64/python3.4/configparser.py", line 648, in > > options > > opts = > > self._sections[section].copy() > > KeyError: 'monitor' > > > > During handling of the above > > exception, another exception occurred: > > > > Traceback (most recent call > > last): > > File "./fail2ban-monitor.py", > > line 8, in <module> > > > > monitorconfig=ConfigParsing().Section(section='monitor') > > File > > > "/usr/lib/python2.7/site-packages/fail2ban/configparsing.py", line 20, in > Section > > options = > > self.parser.options(section) > > File > > "/usr/lib64/python3.4/configparser.py", line 650, in > > options > > raise NoSectionError(section) > > configparser.NoSectionError: No > > section: 'monitor' > > > > I might be missing a python package, but I am no > > longer getting import errors when it starts up. I am > > very new to python really just half out of the egg > > so I don't even know what information you might need > > to help me with this, but if you have the time I > > would like to get this working. > > > > Thanks Harry. > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Fail2ban-users mailing list > > Fail2ban-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Fail2ban-users mailing list > Fail2ban-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fail2ban-users >
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
