fail2ban vs. logrotate

Mike Wohlgemuth mjw at
Mon Oct 24 17:14:47 UTC 2011

I've installed fail2ban on Fedora 15 to block repeated failed ssh 
connections.  It works great up until logrotate kicks in.  When it 
rotates /var/log/secure then fail2ban stops noticing failed ssh 
attempts.  Using fail2ban-client to reload the jail fixes the problem, 
but it also causes fail2ban to forget all currently banned IP 
addresses.  I've found scripts online that will allow for extracting the 
current bans before reloading, and then applying them again after, but 
that seems pretty extreme. I can't help but think I must be missing 
something simple that will get fail2ban to notice that the logs have 
been rotated.  Has anyone else seeing this issue?  I see some reports in 
bugzilla about fail2ban, but nothing that is definitely this problem.


More information about the users mailing list