Hi All, I am running the current default mysqld-auth filter (https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/mysqld-auth.conf), and for some reason it is banning ip adresses that do not occur in the log file and fails to ban ip's that do occur.
Jail.conf: [mysqld-iptables] enabled = true banaction = iptables-allports port = 1:65535 filter = mysqld-auth logpath = /var/log/mysql.warn bantime = 604800 findtime = 86400 maxretry = 5 mysql.warn (not banned, 148 attempts): 2015-12-29 9:58:48 140359785273088 [Warning] Access denied for user 'root'@'216.99.157.170' (using password: YES) fail2ban.log (banned, but does not occur in mysql.warn): 2015-12-29 16:32:31,127 fail2ban.actions [8772]: NOTICE [mysqld-iptables] Ban 155.94.224.210 Could anybody help me figure out what is going wrong? -- Mvg, Michiel Hazelhof. ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
