Charles,
I forget stuff all the time, I seem to remember a discussion about log
rotation that is nearly what you describe you might want to look in the
archives. It may also have been on the Postgres forums, I don't remember
which. For me it was an update in Fedora 21 that just uninstalled
rsyslog for some unknown reason, but I do remember a discussion about
either Fail2ban or Postgres on using syslog needing to be restarted
after log rotation to use the new file.
On Mon, 2015-10-12 at 14:15 +0100, Charles Bradshaw wrote:
> Good question. My fail2ban messages are configured to go
> to /var/log/fail2ban.log
>
> I suspect your previous reply about modifications
> to /usr/share/logwatch/default.conf/services/fail2ban.conf etc.
> are not correct under my circumstances!
>
> I should have said I have a modified /var/fail2ban/fail2ban.conf, as
> follows:
> # logtarget = SYSLOG
> logtarget = /var/log/fail2ban.log
>
> Also I have the file /etc/logrotate.d/fail2ban containing:
> /var/log/fail2ban.log {
> missingok
> notifempty
> size 30k
> create 0600 root root
> postrotate
> /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log
> 2> /dev/null || true
> endscript
> }
>
> The original contained:
> postrotate
> /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null ||
> true
>
> Perhaps I should have said I'm also receiving email from Anacron
> containing this cryptic message:
> /etc/cron.daily/logrotate:
>
> Current logging target is:
> `- /var/log/fail2ban.log
>
> This is new and I presume it is from the fail2ban-client set logtarget
> during log rotation. Although I don't think the message is send every
> day. Perhaps only when fail2ban.log exceeds 30K.
>
> Thanks for your help. You will excuse an old man for forgetting what I
> have done in the past to tweak f2b.
>
> On Fri, 2015-10-09 at 10:02 -0500, Harrison Johnson wrote:
> > Are you sending fail2ban messages to a fail2ban logfile in
> > the /var/log? Or are the messages going into the journal?
> > On Thu, 2015-10-08 at 12:59 +0100, Charles Bradshaw wrote:
> > > Hi All,
> > >
> > > I'm running a regularly updated version of CentOS and fail2ban as below.
> > >
> > > # cat /etc/redhat-release
> > > CentOS release 6.7 (Final)
> > >
> > > # fail2ban-server -V
> > > Fail2Ban v0.9.2
> > > ...
> > >
> > > Following a recent update I no longer see any fail2ban logwatch reports.
> > > I used to get daily summary reports of the number of bans for each jail.
> > >
> > > My logwatch detail is set to low and if I run from the command line:
> > > # logwatch --print --detail Low --service fail2ban --range today
> > > nothing reported.
> > >
> > > detail Medium and High produce similar verbose reports:
> > > # logwatch --print --detail Medium --service fail2ban --range today
> > >
> > > ################### Logwatch 7.3.6 (05/19/07) ####################
> > > Processing Initiated: Thu Oct 8 12:56:11 2015
> > > Date Range Processed: today
> > > ( 2015-Oct-08 )
> > > Period is day.
> > > Detail Level of Output: 5
> > > Type of Output: unformatted
> > > Logfiles for Host: dell2600-1.bradcan.homelinux.com
> > > ##################################################################
> > >
> > > --------------------- fail2ban-messages Begin ------------------------
> > >
> > > **Unmatched Entries**
> > > 2015-10-08 00:05:52,019 fail2ban.filter [3890]: INFO
> > > [forum-noregister] Found 219.132.8.150
> > > ... and lots more
> > >
> > >
> > > Obviously fail2ban is still running fine and I see root emails for those
> > > jails for which detail reports are enabled. Some of my jails result in
> > > hundreds of bans per day, these don't email and I would like to
> > > re-instate the logwatch reports.
> > >
> > > Does anybody know what changed, and perhaps more importantly, how to fix
> > > the reports?
> > >
> > > Thanks in advance.
> > >
> > > ------------------------------------------------------------------------------
> > > _______________________________________________
> > > Fail2ban-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Fail2ban-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
