fail2ban v0.10.3
linux 4.12.14-lp150.12.7-default x86_64

  I do not understand what the entries below are telling me.
  If the IP is banned, how is it found in the logs?


----[ log entries ]----
2018-08-24 11:08:31,129 fail2ban.filter         [25601]: INFO    [assp] Found 200.29.108.214 - 2018-08-24 11:08:30
2018-08-24 11:08:31,430 fail2ban.actions        [25601]: WARNING [assp] 200.29.108.214 already banned

2018-08-24 11:09:52,269 fail2ban.filter         [25601]: INFO    [suricata] Found 180.76.52.236 - 2018-08-24 11:09:52
2018-08-24 11:09:52,573 fail2ban.actions        [25601]: WARNING [suricata] 180.76.52.236 already banned

2018-08-24 11:12:44,775 fail2ban.filter         [25601]: INFO    [assp] Found 80.82.70.225 - 2018-08-24 11:12:43
2018-08-24 11:12:45,299 fail2ban.actions        [25601]: WARNING [assp] 80.82.70.225 already banned
----[ end ]----

----[ jail rules ]----
[assp]
enabled  = true
port     = smtp,465,submission
logpath  = /usr/local/bin/assp2/logs/maillog.txt
datepattern = %%Y-%%m-%%d_%%H:%%M:%%S
#
bantime = 1w
maxretry = 2
findtime = 8h
action = iptables-multiport[name=assp, port="smtp,465,submission", protocol=tcp]
#        sendmail-whois[name=assp, [email protected], [email protected]]


[suricata]
enabled  = true
port     = smtp,465,submission
logpath  = /data01/var/log/suricata/fast.log
datepattern = %%m/%%d/%%Y-%%H:%%M:%%S
#
bantime = 1w
maxretry = 2
findtime = 24h
action = iptables-multiport[name=suricata, port="smtp,465,submission", protocol=tcp]
----[ end ]----

----[ status results ]----
Status for the jail: assp
|- Filter
|  |- Currently failed: 30
|  |- Total failed:     2726
|  `- File list:        /usr/local/bin/assp2/logs/maillog.txt
`- Actions
   |- Currently banned: 96
   |- Total banned:     136
Status for the jail: suricata
|- Filter
|  |- Currently failed: 111
|  |- Total failed:     1883
|  `- File list:        /data01/var/log/suricata/fast.log
`- Actions
   |- Currently banned: 400
   |- Total banned:     412
----[ end ]----

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
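
The pattern in the log entries above (a fail2ban.filter "Found" line followed by a fail2ban.actions "already banned" line) can be tallied per jail and address to see which banned hosts keep producing matching log lines. This is an added example, not part of the original post or of fail2ban; the function names are hypothetical and the sample log is constructed with documentation addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the post's log layout (documentation IPs); the first two entries are mail-wrapped.
SAMPLE = """\
2018-08-24 11:08:31,129 fail2ban.filter         [25601]: INFO    [assp]
Found 192.0.2.10 - 2018-08-24 11:08:30
2018-08-24 11:08:31,430 fail2ban.actions        [25601]: WARNING [assp]
192.0.2.10 already banned
2018-08-24 11:09:52,269 fail2ban.filter         [25601]: INFO    [suricata] Found 198.51.100.7 - 2018-08-24 11:09:52
2018-08-24 11:09:52,573 fail2ban.actions        [25601]: WARNING [suricata] 198.51.100.7 already banned
2018-08-24 11:12:44,775 fail2ban.filter         [25601]: INFO    [assp] Found 192.0.2.10 - 2018-08-24 11:12:43
2018-08-24 11:12:45,299 fail2ban.actions        [25601]: WARNING [assp] 192.0.2.10 already banned
2018-08-24 11:15:00,000 fail2ban.filter         [25601]: INFO    [assp] Found 203.0.113.5 - 2018-08-24 11:14:59
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
ENTRY = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.(?P<comp>\w+)\s+\[\d+\]:\s+(?P<level>\w+)\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<msg>.*)$")
FOUND = re.compile(r"^Found (?P<ip>\S+)")
REPEAT = re.compile(r"^(?P<ip>\S+) already banned$")

def parse_entries(text):
    """Rejoin wrapped lines, then yield one dict per fail2ban log entry."""
    joined = []
    for line in text.splitlines():
        if STAMP.match(line) or not joined:
            joined.append(line.strip())
        elif line.strip():
            joined[-1] += " " + line.strip()   # continuation of the previous entry
    for line in joined:
        if m := ENTRY.match(line):
            yield m.groupdict()

def hits_while_banned(text):
    """Count, per (jail, ip), filter matches and 'already banned' notices."""
    stats = defaultdict(lambda: {"found": 0, "already_banned": 0})
    for e in parse_entries(text):
        if e["comp"] == "filter" and (m := FOUND.match(e["msg"])):
            stats[(e["jail"], m["ip"])]["found"] += 1
        elif e["comp"] == "actions" and (m := REPEAT.match(e["msg"])):
            stats[(e["jail"], m["ip"])]["already_banned"] += 1
    # Keep only hosts whose log lines kept matching while a ban was in place.
    return {k: v for k, v in stats.items() if v["already_banned"]}

if __name__ == "__main__":
    for (jail, ip), c in sorted(hits_while_banned(SAMPLE).items()):
        print(f"{jail:10} {ip:15} found={c['found']} already_banned={c['already_banned']}")
```

Running it against the real fail2ban log instead of SAMPLE lists, per jail, the addresses whose entries in the jail's logpath are still matched by the filter after the ban action has run.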

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
