Talk:MANUAL 0 8


How to test the installation? This is a missing part of the manual. How can you easily test your SSH regex on an existing /var/log/auth.log? Many thanks for fail2ban. --NBrouard 01:58, 9 January 2007 (PST)


The best way is probably to use fail2ban-regex. Currently it only supports one log line. I could extend this in order to read a file. This could be great. Thank you. --Lostcontrol 14:19, 9 January 2007 (PST)

In order to test my configuration I already changed your python fail2ban-regex in order to read a logfile:

	def testRegex(self, logline, regex):
		# Python 2 code; "logline" now holds the path of a log file, not a single line.
		print
		logging.getLogger("fail2ban").setLevel(logging.DEBUG)
		print "fail2ban-testconfig =", logline, regex
		f = open(logline, "rb")
		try:
			self.__filter.addFailRegex(regex)
			# Run the regex against every line of the log file.
			for line in f:
				ret = self.__filter.findFailure(line)
				if len(ret) != 0:
					print "Success, the following data were found:"
					print "fail2ban-regex ", regex, line
					timeTuple = time.localtime(ret[0][1])
					print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
					# Collect every IP address reported for this line.
					ipList = ""
					for i in ret:
						ipList = ipList + " " + i[0]
					print "IP  :" + ipList
			print "After"
		finally:
			# Close the file and restore the quiet log level even if a line fails.
			f.close()
			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)

But, as mentioned in the new TODO section, it would be nice to not only read a complete logfile but also the filter configuration file like sshd.conf. --NBrouard 09:43, 10 January 2007 (PST)


Sorry for the delay but I was quite busy last week. You're right :) It would be nice to read logfile and filter configuration. I will look at this as soon as possible. Thank you --Lostcontrol 01:38, 16 January 2007 (PST)
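
One way to do what this thread asks for, as an added example that is not fail2ban's own code and not part of the original discussion: read the failregex entries from a filter file and run them over every line of a log. The filter text and log lines are constructed samples, `HOST_GROUP` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the function names are hypothetical.

```python
import configparser
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Constructed filter file in the layout of filter.d/sshd.conf (not the shipped one).
SAMPLE_FILTER = r"""[Definition]
failregex = Failed password for (?:invalid user )?\S+ from <HOST> port \d+
            Invalid user \S+ from <HOST>$
ignoreregex =
"""

# Constructed sample lines in the style of /var/log/auth.log.
SAMPLE_LOG = """\
Jan  9 01:58:02 srv sshd[2101]: Failed password for root from 192.0.2.10 port 4711 ssh2
Jan  9 01:58:05 srv sshd[2101]: Invalid user admin from 192.0.2.10
Jan  9 01:59:11 srv sshd[2150]: Accepted password for alice from 198.51.100.7 port 5022 ssh2
Jan  9 02:00:40 srv sshd[2188]: Failed password for invalid user bob from 203.0.113.5 port 6001 ssh2
"""

def load_failregexes(filter_text):
    """Read the failregex lines of a filter file and expand <HOST> in each."""
    cp = configparser.RawConfigParser()  # raw: '%' in a regex is not interpolated
    cp.read_string(filter_text)
    raw = cp.get("Definition", "failregex")
    patterns = []
    for rx in filter(None, map(str.strip, raw.splitlines())):
        if "<HOST>" not in rx:
            raise ValueError("failregex without <HOST>: %r" % rx)
        patterns.append(re.compile(rx.replace("<HOST>", HOST_GROUP)))
    return patterns

def check_log(patterns, lines):
    """Return (hits, misses); hits are (line_no, regex_no, host) tuples."""
    hits, misses = [], []
    for no, line in enumerate(lines, 1):
        for rx_no, pattern in enumerate(patterns, 1):
            m = pattern.search(line)
            if m:
                hits.append((no, rx_no, m.group("host")))
                break
        else:
            misses.append(no)  # no failregex matched this line
    return hits, misses

if __name__ == "__main__":
    hits, misses = check_log(load_failregexes(SAMPLE_FILTER), SAMPLE_LOG.splitlines())
    print("hits (line, regex, host):", hits)
    print("lines with no match:", misses)
```

To check a real log, pass the lines of the file (for example `open("/var/log/auth.log")`) instead of the constructed sample.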

real time vs old services startup time

Sometimes, when we change the time on a server but do not reboot, our daemons work and write logs in another time space. Because fail2ban started in the current (real) time, unlike the old services, which started before the time was changed to the real one, some fucking magic arises... When I set my findtime property in jail.local to a value greater than the difference between the real and old-real time, the magic is gone and f2b starts working. Yahoo, I said!) Rebooted the server and went to write this)

Be aware of it)... I spent 3 hours of my rest & sleep solving that problem ;( But it's just a system which needs a reboot.

I think problems like that must be described in formal, properly written English in the FAQ (or problems and solutions) part of the manual.

P.S. And maybe we can add some functionality to make that "magic more real"?.. Some warnings to fail2ban.log, or something else?..

P.P.S. I left contacts for comments and live talk, if needed, on my personal page here. With best regards)

--Qfox 02:33, 17 April 2009 (UTC)


available tags?

Perhaps I didn't get the point, but I have looked around for the available tags in f2b for a while now and can't find any useful information about this. Problem: f2b is watching a couple of webserver logs and I want to get mail with exact information about which line in which logfile matched the regexp. Is this possible?

Reaction time

How to disable buffering of rsyslog? --Narcisgarcia 11:37, 27 December 2010 (UTC)

redirections in the init script cause a start-up failure to go undetected

Symptoms

{ /etc/init.d/fail2ban start; } 

Starting fail2ban done

{ /etc/init.d/fail2ban status; }

Checking for service fail2ban unused

Analysis

The reason why the error message does not appear is the redirection used by the init script (/etc/init.d/fail2ban):

startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start > /dev/null 2>&1

That probably means that fail2ban should not emit status messages to the console. However, since it is a service, it should emit them to the system log, which it fails to do.

Workaround

{ startproc /usr/bin/fail2ban-client -q start; }
fail2ban.server : INFO Starting Fail2ban v0.8.4
fail2ban.server : INFO Starting in daemon mode
ERROR Could not start server. Maybe an old socket file is still present. Try to remove /var/run/fail2ban/fail2ban.sock. If you used fail2ban-client to start the server, adding the -x option will do it

The reason why the error message does not appear is the redirection in the init script (/etc/init.d/fail2ban):

startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start > /dev/null 2>&1

However, probably because of using startproc, it still fails to return an error code when it fails.

Besides, I wonder if it is reasonable to set FAIL2BAN_OPTIONS=-x in the system configuration (/etc/sysconfig/fail2ban).

--Yecril71pl 09:12, 13 August 2011 (UTC)