solved - fail2ban problem w/ apache logfiles?

  • debian wheezy


    after reboot because of a kernel and php update, fail2ban wont start ...
    it seems it can not handle the apache logfiles or non-existing logfiles
    if I disable all apache plugins from fail2ban it starts ... I dont know if this is a problem with the logpath or non-exist logfiles
    any idea?


    my log path and config:

    Code
    1. [apache-overflows]
    2. enabled = true
    3. port = http,https
    4. filter = apache-overflows
    5. logpath = /var/log/apache2/*/error.log
    6. maxretry = 2
    7. findtime = 3600
    8. bantime = 2592000
  • this is strange:

  • what the hack is jail xxx uses gamin?
    this is the first time i see this in the F2B logs ...


    i can use only this two plugins ... all other apache plugin wont start with fail2ban anymore:


    [roundcube]


    enabled = true
    port = http,https
    filter = roundcube
    logpath = /var/www/imscp/gui/public/tools/webmail/logs/errors
    maxretry = 6


    [apache-badbots]


    enabled = true
    port = http,https
    filter = apache-badbots
    logpath = /var/log/apache2/*/access.log
    maxretry = 1
    findtime = 3600
    bantime = 2592000

  • @fulltilt


    Plugins ??? You want surely say "the filters"... What are the filters which doesn't work anymore?. Post them here.


    BTW: Post moved in the correct section

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • @fulltilt


    Plugins ??? You want surely say "the filters"... What are the filters which doesn't work anymore?. Post them here.


    BTW: Post moved in the correct section


    this is just a sample, ALL other apache filters do not work anymore, I posted it here because I do not know if there is a problem with the location of the apache logs


    Code
    1. [apache-overflows]enabled = trueport = http,httpsfilter = apache-overflowslogpath = /var/log/apache2/*/error.logmaxretry = 2findtime = 3600bantime = 2592000


  • below is how it looks without any apache logfile, in this case I am able to stop, start and restart fail2ban
    if I activate any filter of apache fex. apache overloads or any other with the logpath /var/log/apache2/*/error.log
    it wont start or restart, I have to kill all processes by hand and disable the apache filter before I can start F2B.
    Before the kernel update I never had any problems with fail2ban ...


    Debain Wheezy, Kernel 3.2.0-4-amd64
    can anyone confirm this problem?



  • I can not confirm that.
    Works without problems.