Maybe it's finding it in firewall logs?

Wayne Sallee
[email protected]
http://www.WayneSallee.com

On 08/24/2018 02:48 PM, James Moe via Fail2ban-users wrote:
fail2ban v0.10.3
linux 4.12.14-lp150.12.7-default x86_64

I do not understand what the entries below are telling me. If the IP is banned, how is it found in the logs?

----[ log entries ]----
2018-08-24 11:08:31,129 fail2ban.filter [25601]: INFO [assp] Found 200.29.108.214 - 2018-08-24 11:08:30
2018-08-24 11:08:31,430 fail2ban.actions [25601]: WARNING [assp] 200.29.108.214 already banned
2018-08-24 11:09:52,269 fail2ban.filter [25601]: INFO [suricata] Found 180.76.52.236 - 2018-08-24 11:09:52
2018-08-24 11:09:52,573 fail2ban.actions [25601]: WARNING [suricata] 180.76.52.236 already banned
2018-08-24 11:12:44,775 fail2ban.filter [25601]: INFO [assp] Found 80.82.70.225 - 2018-08-24 11:12:43
2018-08-24 11:12:45,299 fail2ban.actions [25601]: WARNING [assp] 80.82.70.225 already banned
----[ end ]----

----[ jail rules ]----
[assp]
enabled = true
port = smtp,465,submission
logpath = /usr/local/bin/assp2/logs/maillog.txt
datepattern = %%Y-%%m-%%d_%%H:%%M:%%S
# bantime = 1w
maxretry = 2
findtime = 8h
action = iptables-multiport[name=assp, port="smtp,465,submission", protocol=tcp]
# sendmail-whois[name=assp, [email protected], [email protected]]

[suricata]
enabled = true
port = smtp,465,submission
logpath = /data01/var/log/suricata/fast.log
datepattern = %%m/%%d/%%Y-%%H:%%M:%%S
# bantime = 1w
maxretry = 2
findtime = 24h
action = iptables-multiport[name=suricata, port="smtp,465,submission", protocol=tcp]
----[ end ]----

----[ status results ]----
Status for the jail: assp
|- Filter
|  |- Currently failed: 30
|  |- Total failed: 2726
|  `- File list: /usr/local/bin/assp2/logs/maillog.txt
`- Actions
   |- Currently banned: 96
   |- Total banned: 136

Status for the jail: suricata
|- Filter
|  |- Currently failed: 111
|  |- Total failed: 1883
|  `- File list: /data01/var/log/suricata/fast.log
`- Actions
   |- Currently banned: 400
   |- Total banned: 412
----[ end ]----
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
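
To measure how often each jail's log file still records an address that is already banned, the "Found" and "already banned" messages in the quoted entries can be paired per jail and IP. This is an added example, not part of the original messages or of fail2ban itself; the regular expressions are written against the log lines quoted above, and the sample input is those same lines.

```python
import re
from collections import defaultdict

# Sample input: the fail2ban.log entries quoted in the message above.
SAMPLE_LOG = """\
2018-08-24 11:08:31,129 fail2ban.filter [25601]: INFO [assp] Found 200.29.108.214 - 2018-08-24 11:08:30
2018-08-24 11:08:31,430 fail2ban.actions [25601]: WARNING [assp] 200.29.108.214 already banned
2018-08-24 11:09:52,269 fail2ban.filter [25601]: INFO [suricata] Found 180.76.52.236 - 2018-08-24 11:09:52
2018-08-24 11:09:52,573 fail2ban.actions [25601]: WARNING [suricata] 180.76.52.236 already banned
2018-08-24 11:12:44,775 fail2ban.filter [25601]: INFO [assp] Found 80.82.70.225 - 2018-08-24 11:12:43
2018-08-24 11:12:45,299 fail2ban.actions [25601]: WARNING [assp] 80.82.70.225 already banned
"""

# Timestamp, component (filter/actions), pid, level, [jail], message.
LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+\s+"
    r"fail2ban\.(?P<component>filter|actions)\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<msg>.*)$"
)
FOUND = re.compile(r"^Found (?P<ip>\S+)")
ALREADY = re.compile(r"^(?P<ip>\S+) already banned$")


def hits_on_banned(log_text):
    """Return {(jail, ip): count} of 'already banned' warnings that follow
    a filter 'Found' entry for the same jail and IP."""
    pending = set()            # (jail, ip) matched by the filter, not yet paired
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue           # not a fail2ban filter/actions line
        jail, msg = m["jail"], m["msg"]
        if m["component"] == "filter" and (f := FOUND.match(msg)):
            pending.add((jail, f["ip"]))
        elif m["component"] == "actions" and (a := ALREADY.match(msg)):
            key = (jail, a["ip"])
            if key in pending:
                pending.discard(key)
                counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    for (jail, ip), n in sorted(hits_on_banned(SAMPLE_LOG).items()):
        print(f"{jail:10s} {ip:16s} matched while banned: {n}")
```
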
