fail2ban log growing out of control.

Our fail2ban log is currently 69G in size and about to use up all the space in our server. This is actually the second time this has happened to us, and last time we did not catch it in time and went down.

Is there some way to rotate or limit the size of this file? I can’t believe we are the only ones having this issue.

And our server just shut down due to the drive being full a few hours ago. I posted this yesterday and thought I had plenty of space to find a solution, but it filled up quick. I found some rotation settings but they don’t seem to actually have any effect.

Please post the output of cat /etc/logrotate.d/fail2ban and logrotate -v /etc/logrotate.d/fail2ban

/var/log/fail2ban.log {

    weekly
    rotate 4
    compress
    # Do not rotate if empty
    notifempty

    delaycompress
    missingok
    postrotate
        fail2ban-client flushlogs 1>/dev/null
    endscript

    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}
cat: and: No such file or directory
cat: logrotate: No such file or directory
/var/log/fail2ban.log {

    weekly
    rotate 4
    compress
    # Do not rotate if empty
    notifempty

    delaycompress
    missingok
    postrotate
        fail2ban-client flushlogs 1>/dev/null
    endscript

    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}

The current config is set to rotate weekly and to keep 4 copies. If you are getting hit so hard that fail2ban is using so much disk space, you certainly have to tweak it.

For example, you can rotate daily and every time the file reaches 1G in size with the following changes (adjust to what you want):

/var/log/fail2ban.log {

    daily
    size 1G
    rotate 4
    compress
    # Do not rotate if empty
    notifempty

    delaycompress
    missingok
    postrotate
        fail2ban-client flushlogs 1>/dev/null
    endscript

    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}

Your changes could be overwritten if Vital pushes any changes to the config file, though they don't make changes to this file often, just so you know.

Also keep in mind, the biggest issue to me would be to figure out what is causing that amount of logs so check what fail2ban jails are getting hit so much and adjust your firewall if possible as well.

Ok, I’m gonna step back a bit because /var/log/fail2ban.log is NOT the fail2ban log on our server that is growing too big, the file I’m referring to is:

/var/log/asterisk/fail2ban.SERVERNAME.DOMAINNAME.com
(name changed to hide our server's URL.)

I assumed everyone would have this log too, we are a stock install with multi-tenant and a few other official add-ons installed so I can’t see any reason to have a log no one else does.

The default logrotate configuration will only rotate the file if it's named fail2ban.

You can create a custom logrotate configuration file to rotate any other log file:

cat > /etc/logrotate.d/asterisk-fail2ban << EOF
/var/log/asterisk/fail2ban.SERVERNAME.DOMAINNAME.com {
        daily
        rotate 7
        missingok
        notifempty
        sharedscripts
        create 0640 asterisk asterisk
        su asterisk asterisk
        postrotate
                /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
        endscript
}
EOF

I get
-bash: /etc/logrotate.d/asterisk-fail2ban: Permission denied
Yes, I tried putting sudo in front of the command as well as using touch to create the file first. Going to see if I can manually edit it.

Ok, I appear to be able to manually create and edit the file with nano so it should be done.

You can test the configuration to make sure it's set correctly using

logrotate -vd /etc/logrotate.d/asterisk-fail2ban

Sorry been out of office due to the holiday but it looks good and appears to be rotating.

Last question: this won’t affect fail2ban's operation in any way, correct?
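
The disk filled up in this thread because the growing file under /var/log/asterisk was not matched by any stanza in /etc/logrotate.d. The script below is an added example, not part of the original thread: it lists log files above a size threshold that no logrotate stanza covers. The function names `stanza_patterns` and `unrotated_logs` are hypothetical; it assumes stanza headers use unquoted absolute paths without spaces and does not follow `include` directives.

```shell
#!/bin/sh
# Added example: find large log files that no logrotate stanza matches.

# Print every absolute path pattern that appears in a stanza header,
# i.e. outside a { ... } block. $1 = directory holding logrotate configs.
stanza_patterns() {
  awk '
    FNR == 1 { inblock = 0 }          # each config file starts outside a block
    /^[ \t]*#/ { next }               # skip comment lines
    {
      for (i = 1; i <= NF; i++) {
        tok = $i
        opens = (substr(tok, length(tok)) == "{")
        if (opens) tok = substr(tok, 1, length(tok) - 1)
        if (tok == "}") inblock = 0
        else if (!inblock && tok ~ /^\//) print tok
        if (opens) inblock = 1
      }
    }' "$1"/* 2>/dev/null
}

# Print files under $2 larger than $3 bytes that no pattern from $1 expands to.
# $1 = logrotate config dir, $2 = log dir (absolute, no trailing slash), $3 = bytes.
unrotated_logs() (
  covered=$(
    stanza_patterns "$1" | while IFS= read -r pat; do
      # Unquoted on purpose: pathname expansion, where "*" does not cross "/",
      # which is how logrotate's glob(3) call treats the pattern.
      ( IFS=; printf '%s\n' $pat )
    done
  )
  find "$2" -type f -size +"$3"c 2>/dev/null | sort | while IFS= read -r f; do
    printf '%s\n' "$covered" | grep -qxF -- "$f" || printf '%s\n' "$f"
  done
)

# Example call (as root so every log is readable), 1 GiB threshold:
#   sh this-script.sh /etc/logrotate.d /var/log 1073741824
if [ "$#" -eq 3 ]; then
  unrotated_logs "$@"
fi
```

Run from cron, any path it prints is a file that will keep growing until a stanza is added for it.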
