fail2ban problem
baboo
Senior Member


Joined: 04 Sep 2007
Posts: 676

Posted: Sun Jun 06, 2010 4:10 pm    Post subject: fail2ban problem

In checking my logs I noticed very little there. One message that repeats itself is:

Log rotation detected for /var/log/secure

I tried researching on the net but it seems no one has a clear answer. It appears that something is not logging correctly. Any thoughts?

I ran lsof -w -n +D /var/log and here is output:

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
syslogd 1794 root 2w REG 8,3 13602 1060105 /var/log/messages
syslogd 1794 root 3w REG 8,3 418 1060108 /var/log/syslog
syslogd 1794 root 4w REG 8,3 116 1060103 /var/log/debug
syslogd 1794 root 5w REG 8,3 0 1060106 /var/log/secure
syslogd 1794 root 6w REG 8,3 431 1060102 /var/log/cron
syslogd 1794 root 7w REG 8,3 3033 1060104 /var/log/maillog
syslogd 1794 root 8w REG 8,3 0 1060107 /var/log/spooler
cupsd 2003 root 5u REG 8,3 35317 1058258 /var/log/cups/error_log
dovecot 2284 root 5w REG 8,3 0 1058338 /var/log/dovecot.log
dovecot 2284 root 6w REG 8,3 29389 1058339 /var/log/dovecot-info.log
fail2ban- 2313 root 5w REG 8,3 75943 1058371 /var/log/fail2ban.log
httpd 7898 root 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 7898 root 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 7898 root 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 7898 root 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
fail2ban- 12514 root 5w REG 8,3 75943 1058371 /var/log/fail2ban.log
smbd 12561 root 2w REG 8,3 9314 1058355 /var/log/samba.smbd
smbd 12561 root 8w REG 8,3 9314 1058355 /var/log/samba.smbd
nmbd 12564 root 2w REG 8,3 7989 1058364 /var/log/samba/log.nmbd
nmbd 12564 root 3w REG 8,3 7989 1058364 /var/log/samba/log.nmbd
smbd 12573 root 2w REG 8,3 9314 1058355 /var/log/samba.smbd
smbd 12573 root 8w REG 8,3 9314 1058355 /var/log/samba.smbd
httpd 14907 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 14907 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14907 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14907 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 14919 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 14919 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14919 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14919 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 14924 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 14924 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14924 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14924 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 14931 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 14931 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14931 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 14931 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
X 16054 root 0w REG 8,3 41189 1048595 /var/log/Xorg.0.log
httpd 22157 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22157 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22157 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22157 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 22158 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22158 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22158 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22158 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 22162 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22162 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22162 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22162 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 22163 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22163 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22163 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22163 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 22164 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22164 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22164 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22164 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log
httpd 22165 apache 2w REG 8,3 5040 1058263 /var/log/httpd/error_log
httpd 22165 apache 9w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22165 apache 10w REG 8,3 305135 1058267 /var/log/httpd/access_log
httpd 22165 apache 11w REG 8,3 17119 1058268 /var/log/httpd/ssl_request_log


Is something going on here that I should be concerned about?

thanks
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Sun Jun 06, 2010 5:07 pm

It's quite normal: if a log file reaches its size limit, a new one is created and up to 4 logs are kept with the extensions .1, .2, etc.
You should have in your /var/log:
/var/log/secure
/var/log/secure.1
/var/log/secure.2

"man logrotate" for more info ;)

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
baboo
Senior Member


Joined: 04 Sep 2007
Posts: 676

Posted: Sun Jun 06, 2010 5:10 pm

Thanks! I actually read the manual before posting but could not find anything. I have been worrying lately because I am getting hit so much by Chinese servers. Very nerve-racking. Don't know how you admins deal with this :)
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Mon Jun 07, 2010 7:16 am

Fail2ban does the work for you; if something is not banned, try to add a failregex entry in the appropriate filter in the /etc/fail2ban/filter.d/ directory.

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
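
One way to check a candidate failregex against log lines before adding it to a filter, as an added example that is not part of the original thread and not fail2ban's own code. The `<HOST>` expansion is a simplified stand-in, and the two patterns, the log lines and the `scan`/`would_ban` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or hostname).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[\w.-]+)"

# Hypothetical failregex entries, written the way a filter file lists them.
FAILREGEX = [
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+",
    r"sshd\[\d+\]: Invalid user \S+ from <HOST>\s*$",
]

# Constructed /var/log/secure lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  6 16:01:11 host1 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 16:01:14 host1 sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jun  6 16:01:18 host1 sshd[4105]: Invalid user test from 203.0.113.7
Jun  6 16:02:40 host1 sshd[4120]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Jun  6 16:03:02 host1 sshd[4131]: Failed password for alice from 192.0.2.10 port 51520 ssh2
Jun  6 16:04:09 host1 sshd[4140]: Did not receive identification string from 198.51.100.23
"""

def scan(log_text, patterns):
    """Return (failure count per host, lines that no failregex matched)."""
    compiled = [re.compile(p.replace("<HOST>", HOST)) for p in patterns]
    hits, missed = Counter(), []
    for line in log_text.splitlines():
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
        else:  # no pattern matched: benign line, or a gap in the filter
            missed.append(line)
    return hits, missed

def would_ban(hits, maxretry=3):
    """Hosts at or over maxretry (the findtime window is ignored here)."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    hits, missed = scan(SAMPLE_LOG, FAILREGEX)
    print("failures per host:", dict(hits))
    print("would ban:", would_ban(hits))
    print("unmatched lines:", *missed, sep="\n  ")
```

The unmatched list is where a missing failregex shows up: the "Did not receive identification string" line is not covered by either pattern. On a real system, `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf` runs the same kind of check with fail2ban's own matcher.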
baboo
Senior Member


Joined: 04 Sep 2007
Posts: 676

Posted: Mon Jun 07, 2010 4:25 pm

thanks - will try
All times are GMT + 2 Hours