View Single Post
Old 5th January 2012, 21:06
cbj4074 cbj4074 is offline
Senior Member
Join Date: Nov 2010
Posts: 395
Thanks: 30
Thanked 58 Times in 50 Posts

Okay, all is well, finally.

When I removed the file I had created at /etc/logrotate.d/auth, the system began logging to /var/log/auth.log again.

Even though the pure-ftpd-mysql jail in fail2ban was not monitoring this file (it was monitoring /var/log/syslog), the fact that /var/log/auth.log was empty seemed to keep fail2ban from banning via the pure-ftpd-mysql jail. This is strange, given that fail2ban continued banning for other jails, such as postfix.

I don't know why /var/log/auth.log is never rotated on this system, because I have other systems that are nearly identical on which that log is rotated every three days.

Once I sort that, I'll be a happy camper!
Reply With Quote