On Monday, September 4, 2017 1:00 PM, Tony Collins <t...@evilplan.org.uk> wrote:

> you could check the actual live config to see if it did what you expected 
> [...]
> fail2ban-client -d | grep dovecot-long

Bingo! I put maxretries instead of maxretry and f2b was completely silent 
about it. I am not sure why f2b developers chose to be silent about unknown 
configuration options?

root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep dovecot-long
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'dovecot-long', 'auto']
['set', 'dovecot-long', 'usedns', 'warn']
['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
['set', 'dovecot-long', 'maxretry', 3]
[...]

After changing it I have the correct value

root@messagerie[10.10.10.19] ~ # fail2ban-client -d | grep dovecot-long
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: '' 
['add', 'dovecot-long', 'auto']
['set', 'dovecot-long', 'usedns', 'warn']
['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
['set', 'dovecot-long', 'maxretry', 10]
[...]

> Sorry for making you go through all this. It might be a complete waste of 
> time, but I won't be embarrassed if someone comes along and tells you that 
> all you needed to do was change one "." in a file somewhere :-)

Ba-dum Tisssssss :)


> Hmm can I ask you to grep for "INFO" in fail2ban.log, so we can see if it's 
> actually logging f2b's info messages? 

Yes it does log INFO messages

root@messagerie[10.10.10.19] ~ # grep INFO /var/log/fail2ban.log 
2017-09-04 09:53:24,230 fail2ban.server [10631]: INFO    Stopping all jails
2017-09-04 09:53:25,047 fail2ban.jail   [10631]: INFO    Jail 'postfix' stopped
2017-09-04 09:53:26,027 fail2ban.jail   [10631]: INFO    Jail 'postfix-sasl' stopped
2017-09-04 09:53:26,756 fail2ban.jail   [10631]: INFO    Jail 'dovecot-long' stopped
2017-09-04 09:53:27,625 fail2ban.jail   [10631]: INFO    Jail 'ssh' stopped
2017-09-04 09:53:28,427 fail2ban.jail   [10631]: INFO    Jail 'dovecot' stopped


> it's worth upgrading cos it might simply solve this problem and run better 
> [...]

I'm also considering giving Wazuh or OSSEC a try. I heard it's faster, consumes 
fewer resources and is networked.

Thanks a lot for your patience and awesome support!

Yassine.
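
Added example, not part of the original message and not fail2ban code: a small Python check for the failure described above, flagging jail option names that are near-misses of standard ones and reading the effective values back from `fail2ban-client -d` output. The `KNOWN` list is partial, and the function names and both sample inputs are constructed for illustration.

```python
import ast
import configparser
import difflib

# Standard fail2ban jail options; partial list (assumption: extend as needed).
KNOWN = ["enabled", "filter", "action", "port", "logpath", "backend", "usedns",
         "maxretry", "findtime", "bantime", "ignoreip"]

# Constructed sample: a jail section with the typo described in the message.
SAMPLE_JAIL = """\
[dovecot-long]
logpath = /var/log/dovecot.log
maxretries = 10
"""

# Constructed sample: `fail2ban-client -d` lines in the format shown above.
SAMPLE_DUMP = """\
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
['add', 'dovecot-long', 'auto']
['set', 'dovecot-long', 'addlogpath', '/var/log/dovecot.log']
['set', 'dovecot-long', 'maxretry', 3]
"""

def suspicious_options(jail_text):
    """Map (jail, option) -> likely intended name for near-miss option keys."""
    parser = configparser.RawConfigParser()
    parser.read_string(jail_text)
    found = {}
    for jail in parser.sections():
        for option in parser.options(jail):
            hits = difflib.get_close_matches(option, KNOWN, n=1, cutoff=0.75)
            if hits and option not in KNOWN:
                found[(jail, option)] = hits[0]
    return found

def effective_settings(dump_text, jail):
    """Collect {option: value} from the 'set' commands of one jail in a dump."""
    settings = {}
    for line in dump_text.splitlines():
        try:
            cmd = ast.literal_eval(line.strip())
        except (ValueError, SyntaxError):
            continue  # WARNING lines and other non-list output
        if isinstance(cmd, list) and len(cmd) == 4 and cmd[:2] == ["set", jail]:
            settings[cmd[2]] = cmd[3]
    return settings

if __name__ == "__main__":
    print(suspicious_options(SAMPLE_JAIL), effective_settings(SAMPLE_DUMP, "dovecot-long"))
```
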
