My mistake, fail2ban's database is /var/lib/fail2ban/fail2ban.sqlite3 on Ubuntu, and mine is about 2.9 Mbytes, still not big by any stretch and quite interesting to read through (I’m using the sqlite3 command line, a very primitive interface compared to mysql). There’s a table “logs” storing the details of where in the log fail2ban was, and the create statement is quite interesting:

    CREATE TABLE logs(
        jail TEXT NOT NULL,
        path TEXT,
        firstlinemd5 TEXT,
        lastfilepos INTEGER DEFAULT 0,
        FOREIGN KEY(jail) REFERENCES jails(name) ON DELETE CASCADE,
        UNIQUE(jail, path),
        UNIQUE(jail, path, firstlinemd5));
    CREATE INDEX logs_path ON logs(path);
    CREATE INDEX logs_jail_path ON logs(jail, path);

firstlinemd5 appears to be to keep track of logs if they’ve been rotated, so there’s no need to be concerned about long find times and extra data being loaded. Bans are stored in their own table, along with details of what matched.

    ~# fail2ban-client get dbpurgeage
    Current database purge age is:
    `- 388800seconds

will show how long the data remains in the database (guessing this is on top of the last logged time+bantime, because this is 4.5 days and recidive is 5 days so it would purge details from the database before the ban had expired).

> On 10 Aug 2018, at 21:56, Philip James Clarke via Fail2ban-users
> <fail2ban-users@lists.sourceforge.net> wrote:
>
> No fail2ban keeps a database as the logs change, located in
> /usr/lib/python3/dist-packages/fail2ban/server/__pycache__/ ), all my files
> in that folder total 220Kbytes it’s not a big load only storing which ip
> registered against with jail.

<snip>
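
The rotation tracking that the message infers from firstlinemd5 and lastfilepos, as an added example (not part of the original message and not fail2ban's own code): a reader resumes at the stored offset unless the MD5 of the file's first line has changed. The helper names, the reduced jails table and the sample log lines are constructed for illustration.

```python
import hashlib
import os
import sqlite3
import tempfile

# logs as quoted in the post; jails reduced to one column (assumption).
SCHEMA = """
CREATE TABLE jails(name TEXT NOT NULL UNIQUE);
CREATE TABLE logs(jail TEXT NOT NULL, path TEXT, firstlinemd5 TEXT,
  lastfilepos INTEGER DEFAULT 0,
  FOREIGN KEY(jail) REFERENCES jails(name) ON DELETE CASCADE,
  UNIQUE(jail, path), UNIQUE(jail, path, firstlinemd5));
"""

def first_line_md5(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.readline()).hexdigest()

def resume_offset(db, jail, path):
    """Offset to continue from; 0 for an unseen, rotated or truncated file."""
    row = db.execute("SELECT firstlinemd5, lastfilepos FROM logs "
                     "WHERE jail = ? AND path = ?", (jail, path)).fetchone()
    if (row is None or row[0] != first_line_md5(path)
            or row[1] > os.path.getsize(path)):
        return 0
    return row[1]

def read_new_lines(db, jail, path):
    """Return only the lines not yet processed, then store the new position."""
    with open(path, "rb") as fh:
        fh.seek(resume_offset(db, jail, path))
        lines = fh.read().decode().splitlines()
        pos = fh.tell()
    # UNIQUE(jail, path) makes this an update of the existing row.
    db.execute("INSERT OR REPLACE INTO logs VALUES (?, ?, ?, ?)",
               (jail, path, first_line_md5(path), pos))
    return lines

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO jails VALUES ('sshd')")
    steps = (("w", "fail 1\nfail 2\n"), ("a", "fail 3\n"), ("w", "rotated\n"))
    runs = []
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")  # constructed sample log
        for mode, text in steps:  # first write, append, then rotation
            with open(log, mode) as fh:
                fh.write(text)
            runs.append(read_new_lines(db, "sshd", log))
    return runs
```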