[Fail2ban-users] NOTICE Jail started without 'journalmatch' set

Sat, 10 Jul 2021 02:53:37 -0700

I am running F2b v0.11.1 from EPEL on ClearOS 7 (binary compatible with Centos7). Every time I start f2b I see the following in my logs:
2021-07-09 07:18:48,499 fail2ban.filtersystemd  [5101]: INFO [postfix] Added journal match for: '_SYSTEMD_UNIT=postfix.service' 
2021-07-09 07:18:48,505 fail2ban.filter         [5101]: INFO maxRetry: 5
2021-07-09 07:18:48,505 fail2ban.filter         [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,505 fail2ban.filter         [5101]: INFO findtime: 36000
2021-07-09 07:18:48,505 fail2ban.actions        [5101]: INFO banTime: 432000
2021-07-09 07:18:48,506 fail2ban.jail           [5101]: INFO Creating new jail 'postfix-sasl' 2021-07-09 07:18:48,506 fail2ban.jail           [5101]: INFO    Jail 'postfix-sasl' uses systemd {} 2021-07-09 07:18:48,506 fail2ban.jail           [5101]: INFO Initiated 'systemd' backend 2021-07-09 07:18:48,506 fail2ban.filtersystemd  [5101]: INFO [postfix-sasl] Added journal match for: '_SYSTEMD_UNIT=postfix.service' 
2021-07-09 07:18:48,508 fail2ban.filter         [5101]: INFO maxRetry: 1
2021-07-09 07:18:48,508 fail2ban.filter         [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,508 fail2ban.filter         [5101]: INFO findtime: 14400
2021-07-09 07:18:48,508 fail2ban.actions        [5101]: INFO banTime: 432000
2021-07-09 07:18:48,508 fail2ban.jail           [5101]: INFO Creating new jail 'cyrus-imap' 2021-07-09 07:18:48,508 fail2ban.jail           [5101]: INFO    Jail 'cyrus-imap' uses systemd {} 2021-07-09 07:18:48,508 fail2ban.jail           [5101]: INFO Initiated 'systemd' backend 
2021-07-09 07:18:48,510 fail2ban.filter         [5101]: INFO maxRetry: 1
2021-07-09 07:18:48,510 fail2ban.filter         [5101]: INFO encoding: UTF-8
2021-07-09 07:18:48,510 fail2ban.filter         [5101]: INFO findtime: 86400
2021-07-09 07:18:48,510 fail2ban.actions        [5101]: INFO banTime: 432000
<snip>
2021-07-09 07:18:48,993 fail2ban.jail           [5101]: INFO    Jail 'postfix' started 2021-07-09 07:18:48,997 fail2ban.jail           [5101]: INFO    Jail 'postfix-sasl' started 2021-07-09 07:18:48,997 fail2ban.filtersystemd  [5101]: NOTICE  Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. 2021-07-09 07:18:48,998 fail2ban.jail           [5101]: INFO    Jail 'cyrus-imap' started 


I assume the journalmatch warning is in reference to the preceding jail, 
postfix-sasl, but if that is the case, why is the postfix jail not 
seeing the same warning?



At the same time the jails are using the default basic configuration 
except for changed findtime, bantime and max retries, and for cyrus-imap 
the port range is extended to include imap3, pop3 and pop3s.


Do you know why I am getting the warning and what do I need to do to fix it?

Regards,

Nick


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to