Okay, all is well, finally.
When I removed the file I had created at /etc/logrotate.d/auth
, the system began logging to /var/log/auth.log
Even though the pure-ftpd-mysql jail in fail2ban was not monitoring this file (it was monitoring /var/log/syslog
), the fact that /var/log/auth.log
was empty seemed to keep fail2ban from banning via the pure-ftpd-mysql jail. This is strange, given that fail2ban continued banning for other jails, such as postfix.
I don't know why /var/log/auth.log
is never rotated on this system, because I have other systems that are nearly identical on which that log is rotated every three days.
Once I sort that, I'll be a happy camper!