|  | 
	
				| [SMS] - Superb Mini Server Project Support Forum |  
				|  |  
				|  |  
			
				| 
 
  
	|    |  
	
		| View previous topic :: View next topic |  
		| Author | Message |  
		| baboo Senior Member
 
 
 Joined: 04 Sep 2007
 Posts: 676
 
 
 | 
			
				|  Posted: Sun Jun 06, 2010 4:10 pm    Post subject: fail2ban problem |   |  
				| 
 |  
				| In checking my logs I noticed very little there. One message that repeats its self is : 
 Log rotation detected for /var/log/secure
 
 I tried researching on net but it seems no one has a clear answer. It appears that something is not logging correctly. Any thoughts?
 
 I ran lsof -w -n +D /var/log  and here is output:
 
 COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
 syslogd    1794   root    2w   REG    8,3    13602 1060105 /var/log/messages
 syslogd    1794   root    3w   REG    8,3      418 1060108 /var/log/syslog
 syslogd    1794   root    4w   REG    8,3      116 1060103 /var/log/debug
 syslogd    1794   root    5w   REG    8,3        0 1060106 /var/log/secure
 syslogd    1794   root    6w   REG    8,3      431 1060102 /var/log/cron
 syslogd    1794   root    7w   REG    8,3     3033 1060104 /var/log/maillog
 syslogd    1794   root    8w   REG    8,3        0 1060107 /var/log/spooler
 cupsd      2003   root    5u   REG    8,3    35317 1058258 /var/log/cups/error_log
 dovecot    2284   root    5w   REG    8,3        0 1058338 /var/log/dovecot.log
 dovecot    2284   root    6w   REG    8,3    29389 1058339 /var/log/dovecot-info.log
 fail2ban-  2313   root    5w   REG    8,3    75943 1058371 /var/log/fail2ban.log
 httpd      7898   root    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd      7898   root    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd      7898   root   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd      7898   root   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 fail2ban- 12514   root    5w   REG    8,3    75943 1058371 /var/log/fail2ban.log
 smbd      12561   root    2w   REG    8,3     9314 1058355 /var/log/samba.smbd
 smbd      12561   root    8w   REG    8,3     9314 1058355 /var/log/samba.smbd
 nmbd      12564   root    2w   REG    8,3     7989 1058364 /var/log/samba/log.nmbd
 nmbd      12564   root    3w   REG    8,3     7989 1058364 /var/log/samba/log.nmbd
 smbd      12573   root    2w   REG    8,3     9314 1058355 /var/log/samba.smbd
 smbd      12573   root    8w   REG    8,3     9314 1058355 /var/log/samba.smbd
 httpd     14907 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     14907 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14907 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14907 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     14919 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     14919 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14919 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14919 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     14924 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     14924 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14924 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14924 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     14931 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     14931 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14931 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     14931 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 X         16054   root    0w   REG    8,3    41189 1048595 /var/log/Xorg.0.log
 httpd     22157 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22157 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22157 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22157 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     22158 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22158 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22158 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22158 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     22162 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22162 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22162 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22162 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     22163 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22163 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22163 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22163 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     22164 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22164 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22164 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22164 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 httpd     22165 apache    2w   REG    8,3     5040 1058263 /var/log/httpd/error_log
 httpd     22165 apache    9w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22165 apache   10w   REG    8,3   305135 1058267 /var/log/httpd/access_log
 httpd     22165 apache   11w   REG    8,3    17119 1058268 /var/log/httpd/ssl_request_log
 
 
 Is something going on here that I should be concerned about?
 
 thanks
 |  |  
		| Back to top |  |  
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Sun Jun 06, 2010 5:07 pm    Post subject: |   |  
				| 
 |  
				| It's quite normal, if a log file reach it's size limit create a new and leave up to 4 logs with the extension .1 .2 e.t.c. You should have in your /var/log
 /var/log/secure
 /var/log/secure.1
 /var/log/secure.2
 
 "man logrotate"  for more info
   
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  |  
		| Back to top |  |  
		| baboo Senior Member
 
 
 Joined: 04 Sep 2007
 Posts: 676
 
 
 | 
			
				|  Posted: Sun Jun 06, 2010 5:10 pm    Post subject: |   |  
				| 
 |  
				| thanks! I actually read the manual before posting but could not find anything. I have been worrying lately because getting hit so much by Chinese servers. Very nerve racking. Don't know how you admins deal with this  |  |  
		| Back to top |  |  
		| gerasimos_h Site Admin
 
 
 Joined: 09 Aug 2007
 Posts: 1757
 Location: Greece
 
 | 
			
				|  Posted: Mon Jun 07, 2010 7:16 am    Post subject: |   |  
				| 
 |  
				| Fail2ban do the work for you, if something is not banned try to add a failregex entry in the appropriate filter at /etc/fail2ban/filter.d/ directory. 
 gerasimos_h
 _________________
 Superb! Mini Server Project Manager
 http://sms.it-ccs.com
 |  |  
		| Back to top |  |  
		| baboo Senior Member
 
 
 Joined: 04 Sep 2007
 Posts: 676
 
 
 | 
			
				|  Posted: Mon Jun 07, 2010 4:25 pm    Post subject: |   |  
				| 
 |  
				| thanks - will try |  |  
		| Back to top |  |  
		|  |  
  
	| 
 
 | You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 You can attach files in this forum
 You can download files in this forum
 
 |  
 |  
		  
			|  |  
		  
			|  | SMS - Superb! Mini Server Project  © 2016 Powered by phpBB  © 2001, 2002 phpBB Group
 iCGstation v1.0 Template By Ray © 2003, 2004 iOptional
 
 
 
 
 
 
 |  |  |  |