On 09.04.2023 at 19:22, Endre Paller wrote:
Hello,
On my Debian/Apache server, the access and error logs of the virtual
hosts rotate. New log files are started every half hour. The setting
is as follows:
ErrorLog "|/bin/rotatelogs /var/../_log/_apache_log/error-%Y-%m-%d-%H-%M-%S.log 1800"
CustomLog "|/bin/rotatelogs /var/.../_log/_apache_log/access-%Y-%m-%d-%H-%M-%S.log 1800" combined
My question is how can I configure fail2ban to always notice the
current log files?
Most used practice is to:
* use a fixed name for the log
I rotate via logrotate with
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}
* so you get
error.log
error.log.1
error.log.2.gz
access.log
access.log.1
access.log.2.gz
* you can configure error.log and error.log.1 within fail2ban. fail2ban
recognizes the log rotation because the first line of the log changes.
error.log.1 should be configured to reach the full time-span in some
cases of a just rotated log. The .gz logs are not read by fail2ban,
because in most cases there isn't a need for this.
Of course, I'm running CentOS, there are small differences.
regards
Peter
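Added example, not part of the original message: a jail.local fragment that lists both the live log and the most recently rotated one for each jail, as the reply describes. The jail names are stock fail2ban jails chosen for illustration; the /var/log/httpd/ paths follow the file listing in the reply and are assumptions to adjust to the real log location.

```ini
# /etc/fail2ban/jail.local (assumed location; example only)

[apache-auth]
enabled = true
port    = http,https
# One path per line; continuation lines must be indented.
# error.log   : fixed name, always the file Apache is writing to
# error.log.1 : previous file, kept readable because of delaycompress
logpath = /var/log/httpd/error.log
          /var/log/httpd/error.log.1

[apache-badbots]
enabled = true
port    = http,https
# Same pattern for the access log; the .gz archives are left out.
logpath = /var/log/httpd/access.log
          /var/log/httpd/access.log.1
```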