Hello John,

        You may find that "man syslog" or "man logger" gives the meanings of 
the levels, which I think tend to be consistent amongst many logging processes.

        You've not told us which log file (or files) grew large, or over what period, or how much 
network activity there is and how much appears to be malicious.  On my system, with 
/var/log/fail2ban.log recording "INFO", there is little logging activity - perhaps 100KiB 
per week.  Changing the level to "NOTICE" should tell you when bans are applied or 
removed.

        If you already have logging set to "notice", then perhaps something is generating messages 
that you do not really want to retain, and you should check your configuration to find the culprit.  In 
another post, it was asked how this problem might be approached.  It may be that "awk" and 
"sort" are your friends here - something like this:

awk '{ print $NF }' /var/log/fail2ban.log | sort | uniq --count | sort -nk1 | less

        This should show the addresses that have been found most frequently.  
Feel free to use iptables (or whatever) to block those addresses so that 
fail2ban does not see or report them again, or extend the fail2ban banning 
period to reduce recurrence.

        I hope that this helps,
--
Graham
Net (n): holes tied together with string.



On Mon, 5 Mar 2018, Rose, John B wrote:

Date: Mon, 5 Mar 2018 19:45:50
From: "Rose, John B" <jbr...@utk.edu>
To: "fail2ban-users@lists.sourceforge.net"
    <fail2ban-users@lists.sourceforge.net>
Subject: [Fail2ban-users] Explanation of fail2ban loglevel's?


Looking around we haven't found a detailed explanation of the
different "loglevel" options


Can someone point us to one?


"Notice" filled up our disk very quickly


We just want it to log when something is "banned"


and/or a suggested level


Thanks
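
Added example, not part of the original thread: a shell script that extends the awk one-liner in the reply to count log lines per level, jail and action, and to tally addresses by the token after the action word rather than by the last field. The log layout and sample lines are constructed assumptions, and the names f2b_sample, f2b_volume and f2b_top are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed line layout: date time logger [pid]: LEVEL [jail] Action address ...

# Constructed sample lines (documentation addresses). The last Found line has
# text after the address, which is why $NF alone can miscount.
f2b_sample() {
    cat <<'EOF'
2018-03-05 19:40:01,101 fail2ban.filter  [1234]: INFO    [sshd] Found 192.0.2.10
2018-03-05 19:40:03,212 fail2ban.filter  [1234]: INFO    [sshd] Found 192.0.2.10
2018-03-05 19:40:05,330 fail2ban.filter  [1234]: INFO    [sshd] Found 192.0.2.10
2018-03-05 19:40:05,512 fail2ban.actions [1234]: NOTICE  [sshd] Ban 192.0.2.10
2018-03-05 19:41:10,004 fail2ban.filter  [1234]: INFO    [postfix] Found 198.51.100.7
2018-03-05 19:42:11,040 fail2ban.filter  [1234]: INFO    [sshd] Found 203.0.113.5 - 2018-03-05 19:42:10
2018-03-05 19:50:05,700 fail2ban.actions [1234]: NOTICE  [sshd] Unban 192.0.2.10
EOF
}

# Count lines per (level, jail, action) to see what is filling the log.
f2b_volume() {
    awk '
        {
            # The level is the field right after the "[pid]:" token.
            for (i = 1; i < NF; i++) if ($i ~ /^\[[0-9]+\]:$/) break
            if (i >= NF) next
            level = $(i + 1); jail = $(i + 2); action = $(i + 3)
            if (jail !~ /^\[.*\]$/) { jail = "-"; action = "-" }
            count[level " " jail " " action]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Count addresses for one action word (Found, Ban, Unban), most frequent first.
f2b_top() {
    awk -v want="$2" '
        {
            for (i = 2; i < NF; i++)
                if ($i == want && $(i - 1) ~ /^\[.*\]$/) { seen[$(i + 1)]++; break }
        }
        END { for (ip in seen) print seen[ip], ip }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

log=$(mktemp) && f2b_sample > "$log"
f2b_volume "$log"        # which level/jail/action dominates
f2b_top "$log" Found     # which addresses are seen most often
rm -f "$log"
```

Point the two functions at /var/log/fail2ban.log in place of the sample file to see which level and jail account for the volume before changing loglevel.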

