Hello
I am trying to run fail2ban on my machine.
I have configured it to tail a docker container log file:

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/docker/nginx.log

/var/log/docker/nginx.log is a symlink to the real file:

user@server:~$ ls -la /var/log/docker/nginx.log
lrwxrwxrwx 1 td-agent td-agent 52 Jan 27 08:31 /var/log/docker/nginx.log -> /var/log/docker/nginx.20180127.b563bdd89a926a0a2.log

The logfile is being handled by td-agent and symlinked to another file at midnight
and during the day.

<store>
type file
path /var/log/docker/nginx.*.log
symlink_path /var/log/docker/nginx.log
time_slice_format %Y%m%d
time_slice_wait 1m
append true
format single_value
message_key log
</store>

The issue is that every time the nginx.log file gets symlinked to another file,
fail2ban gets confused:

2018-01-27 00:01:54,459 fail2ban.filter : ERROR Unable to open /var/log/docker/nginx.log
2018-01-27 00:01:54,459 fail2ban.filter : ERROR [Errno 2] No such file or directory: '/var/log/docker/nginx.log'
Traceback (most recent call last):
  File "/usr/share/fail2ban/server/filter.py", line 491, in getFailures
    has_content = container.open()
  File "/usr/share/fail2ban/server/filter.py", line 569, in open
    self.__handler = open(self.__filename)
IOError: [Errno 2] No such file or directory: '/var/log/docker/nginx.log'

Any ideas how to make fail2ban follow the new symlinked file?

Ubuntu 14.04.4 LTS
Fail2Ban v0.8.11
——————
Bregs, Roman
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
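
The traceback in the message above shows a reader re-opening the symlink path at a moment when it does not resolve. As an added illustration (not fail2ban's code and not part of the original message), here is a Python tail reader that treats a missing or re-pointed symlink as transient: it keeps draining the file it already has open and switches only when the path resolves to a different inode. The names `SymlinkFollower` and `demo`, the file names and the log lines are constructed for this example.

```python
import os
import tempfile
from pathlib import Path

class SymlinkFollower:
    """Tail a symlink path; survive the link vanishing or being re-pointed."""

    def __init__(self, path):
        self.path, self.handle, self.ident, self.buf = path, None, None, b""

    def _drain(self):
        if self.handle is None:
            return []
        self.buf += self.handle.read()  # bytes appended since the last poll
        *lines, self.buf = self.buf.split(b"\n")  # keep a trailing partial line
        return [l.decode("utf-8", "replace") for l in lines]

    def _switch_target(self):
        try:
            new = open(self.path, "rb")  # open() follows the symlink
        except FileNotFoundError:
            return  # link missing or dangling mid-rotation: retry on next poll
        st = os.fstat(new.fileno())
        if (st.st_dev, st.st_ino) == self.ident:
            new.close()  # still the same underlying file
            return
        if self.handle:
            self.handle.close()
        self.handle, self.ident, self.buf = new, (st.st_dev, st.st_ino), b""

    def poll(self):
        lines = self._drain()  # finish the previous target first
        self._switch_target()
        return lines + self._drain()

def demo():
    d = Path(tempfile.mkdtemp())  # constructed names and lines, throwaway dir
    link, day1, day2 = (d / n for n in ("nginx.log", "nginx.day1.log", "nginx.day2.log"))
    day1.write_text("day1 line A\n")
    link.symlink_to(day1)
    tail = SymlinkFollower(link)
    first = tail.poll()
    with day1.open("a") as f:
        f.write("day1 line B\n")
    link.unlink()  # rotation gap: the path does not exist
    gap = tail.poll()  # no exception; the old file is still drained
    day2.write_text("day2 line A\n")
    link.symlink_to(day2)
    return [first, gap, tail.poll()]
```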