On Fri, 04 Jan 2013, Christoph Anton Mitterer wrote:
> fail2ban's logrotate config file (/etc/logrotate.d/fail2ban) unconditionally
> overwrites fail2ban's logtarget to /var/log/fail2ban.log during the postrotate
> phase.

> So when a user has modified the logtarget in /etc/fail2ban/fail2ban.conf
> this will get mangled up after the first run of logrotate.

good catch!

> Is the call to fail2ban-client set logtarget necessary at all? I guess
> it lets fail2ban recreate the logfile... but has anyone checked whether
> this can be done differently (e.g. SIGHUP)?

not a bad idea!

but what about just adding a command to the client e.g.

fail2ban-client touch logtarget

which would be passed to the server to do the needed action (i.e. if
logging is done to a file):  server.setLogTarget(server.getLogTarget())?
[syntax is the price of compatibility all the way to python 2.3 at some
point in the past ;-) ]

care to work out a patch?

> Alternatively one could call fail2ban-client reload ... but this will put all
> other configuration changes into effect... I doubt we desire that logrotate
> automatically does this.

yeah -- it might have also a side-effect of dropping bans, that is how
re-specification of the log file was born ;-)


> If it's necessary then please switch to do the following:
> Please call a small helper script (which should not go into the PATH)
> in the postrotate phase which detects the current value of logtarget.

> The attached script[0] reloads the logtarget setting. It parses
> /etc/default/fail2ban to find out whether any other config dir (-c) was set,
> if not it falls back to /etc/fail2ban.

i.e. it achieves something like

fail2ban-client get logtarget | sed -ne '$s/^[-` ]*//gp'
?


> Best would be to lobby upstream to add a command to fail2ban-client which
> makes the logfile (if any) recreated.

heh heh... please do not lobby me -- I am performing upstream duties (as
well) atm ;-)

-- 
Yaroslav O. Halchenko
Postdoctoral Fellow,   Department of Psychological and Brain Sciences
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        
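
An added example, not part of the original message or of the fail2ban package: a postrotate helper along the lines discussed above, which asks the running server for its current logtarget instead of hard-coding /var/log/fail2ban.log, and re-sets it only when it is a file path. It assumes `fail2ban-client get logtarget` prints the target on its last line behind a backquote-and-dash prefix (the form the sed expression in the message strips); `F2B_CLIENT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: postrotate helper that re-applies the *current* logtarget.
# F2B_CLIENT is a hypothetical override so the logic can be exercised offline.
F2B_CLIENT="${F2B_CLIENT:-fail2ban-client}"

# Strip the leading "`- " decoration from the last line of the client reply
# (the same sed expression quoted in the message above).
parse_logtarget() {
    sed -ne '$s/^[-` ]*//gp'
}

# Print the running server's logtarget; non-zero if the server is unreachable.
current_logtarget() {
    out=$($F2B_CLIENT get logtarget 2>/dev/null) || return 1
    printf '%s\n' "$out" | parse_logtarget
}

# Only file targets need reopening after rotation.
is_file_target() {
    case "$1" in
        /*) return 0 ;;
        *)  return 1 ;;   # SYSLOG, STDOUT, STDERR or empty
    esac
}

# Re-set the logtarget to its current value so the server reopens the file.
reopen_logtarget() {
    target=$(current_logtarget) || return 0   # server not running: nothing to do
    is_file_target "$target" || return 0      # non-file target: leave untouched
    $F2B_CLIENT set logtarget "$target" >/dev/null
}
```

In a logrotate stanza the postrotate script would source this file and call `reopen_logtarget`; a user-modified logtarget then survives rotation because the value is read back from the server rather than written as a constant.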

