fail2ban vs. logrotate
tom at impact-crater.com
Tue Oct 25 20:25:59 UTC 2011
On 10/25/2011 4:12 PM, Mike Wohlgemuth wrote:
> On 10/25/2011 11:12 AM, Mikkel L. Ellertson wrote:
>> It looks like you would have to modify the syslog logrotate script
>> and add a second command in the postrotate section after it restarts
>> syslogd. Does fail2ban accept a SIGHUP to close and reopen the log file?
> That was my first thought, but I don't see any way to get fail2ban to
> reopen the log file without also forgetting the current ban list.
For what it's worth, I have been using fail2ban and logrotate together
in a vanilla configuration for some time now and have never experienced
this problem. Right now it is running without incident on RHEL 5.7 and
F14. Are you sure you didn't tweak something, either on purpose or by
accident, when you configured things? If you haven't, then perhaps
something has changed and that is why it no longer works as expected.
More information about the users