My mistake, fail2ban’s database is /var/lib/fail2ban/fail2ban.sqlite3 on Ubuntu, 
and mine is about 2.9 Mbytes, still not big by any stretch and quite 
interesting to read through (I’m using the sqlite3 command line, a very 
primitive interface compared to mysql), but there’s a table “logs” storing the 
details of where in the log fail2ban was, and the create statement is quite 
interesting:

CREATE TABLE logs(jail TEXT NOT NULL, path TEXT, firstlinemd5 TEXT, lastfilepos 
INTEGER DEFAULT 0, FOREIGN KEY(jail) REFERENCES jails(name) ON DELETE CASCADE, 
UNIQUE(jail, path),UNIQUE(jail, path, firstlinemd5));
CREATE INDEX logs_path ON logs(path);
CREATE INDEX logs_jail_path ON logs(jail, path);

firstlinemd5 appears to be there to keep track of logs if they’ve been rotated, 
so there’s no need to be concerned about long find times and extra data being 
loaded. Bans are stored in their own table, along with details of what matched.

~# fail2ban-client get dbpurgeage
Current database purge age is:
`- 388800seconds

will show how long the data remains in the database (guessing this is on top 
of the last logged time + bantime, because this is 4.5 days and recidive is 5 
days, so it would purge details from the database before the ban had expired).

> On 10 Aug 2018, at 21:56, Philip James Clarke via Fail2ban-users 
> <fail2ban-users@lists.sourceforge.net> wrote:
> 
> No, fail2ban keeps a database as the logs change (located in 
> /usr/lib/python3/dist-packages/fail2ban/server/__pycache__/); all my files 
> in that folder total 220Kbytes. It’s not a big load, only storing which IP 
> registered against which jail.

<snip>
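
The rotation check that the post infers from the firstlinemd5 and lastfilepos columns, as an added illustration (not part of the original post and not fail2ban's own code). The minimal jails table, the function names, the truncation guard and the sample log lines are assumptions constructed for the example.

```python
import hashlib
import os
import sqlite3
import tempfile

# logs schema as quoted in the post; the one-column jails table is an assumed stand-in.
SCHEMA = """
CREATE TABLE jails(name TEXT NOT NULL UNIQUE);
CREATE TABLE logs(jail TEXT NOT NULL, path TEXT, firstlinemd5 TEXT,
  lastfilepos INTEGER DEFAULT 0,
  FOREIGN KEY(jail) REFERENCES jails(name) ON DELETE CASCADE,
  UNIQUE(jail, path), UNIQUE(jail, path, firstlinemd5));
"""

def first_line_md5(path):
    # MD5 is used only as a change fingerprint of the first line, not as a security control.
    with open(path, "rb") as fh:
        return hashlib.md5(fh.readline()).hexdigest()

def save_position(conn, jail, path, pos):
    conn.execute("INSERT OR REPLACE INTO logs(jail, path, firstlinemd5, lastfilepos) "
                 "VALUES (?, ?, ?, ?)", (jail, path, first_line_md5(path), pos))

def resume_position(conn, jail, path):
    """Return the byte offset to resume reading from, or 0 if the file was replaced."""
    row = conn.execute("SELECT firstlinemd5, lastfilepos FROM logs "
                       "WHERE jail = ? AND path = ?", (jail, path)).fetchone()
    if row is None:
        return 0
    stored_md5, pos = row
    # A different first line means a rotated file; a shorter file means truncation.
    if stored_md5 != first_line_md5(path) or pos > os.path.getsize(path):
        return 0
    return pos

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO jails VALUES ('sshd')")
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "auth.log")  # constructed sample log
        with open(log, "w") as fh:
            fh.write("Aug 10 21:00:01 host sshd[1]: Failed password from 192.0.2.10\n")
        size = os.path.getsize(log)
        save_position(conn, "sshd", log, size)
        with open(log, "a") as fh:  # same file grows: resume where we stopped
            fh.write("Aug 10 21:00:05 host sshd[1]: Failed password from 192.0.2.10\n")
        appended = resume_position(conn, "sshd", log)
        with open(log, "w") as fh:  # rotation: new file, new first line
            fh.write("Aug 11 00:00:02 host sshd[7]: Failed password from 192.0.2.44 port 22\n")
        rotated = resume_position(conn, "sshd", log)
    return size, appended, rotated

if __name__ == "__main__":
    print(demo())
```
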