Created attachment 672286 [details] fail2ban-re-set-logtarget Hi. Since some time(?) EPEL's fail2ban uses SYSLOG as default logtarget in fail2ban, right? So if you just want to stick with that (quite limiting)... drop the logrotate config snippet... it's useless as there is no /var/log/fail2ban.log. If you want to allow a bit more then you suffer from the same buggy logrotate config problem, that I describe in Debian bug #697333 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697333), which I hereby refer you to. As usual Debian is a bit more mighty and provides the /etc/defaults framework with fail2ban. Fedora/EPEL doesn't seem to provide this, so I've attached here a simplified version of the script attached to the Debian bug. If you choose to add a /etc/default/fail2ban config file like Debian has one, simply take the mightier script from the Debian bug. Oh and I guess this issue also applies to Fedora and not just EPEL, can you forward it there? Cheers, Chris.
Some additions/corrections: 1) As Yaroslav pointed out in the corresponding Debian bug... the whole thing to find out the current logtarget (to then re-set it) can be done much easier with fail2ban-client get logtarget 2) Even when the postrotate phase is made dynamic,... the logrotate config snippet will still apply only to /var/log/fail2ban. So the only advantage we'd get is, that the user would need to modify the logrotate config snippet only in the first line,... not the postrotate phase. And the problem of useless "empty" rotations in the case that e.g. SYSLOG is used as target isn't solved either.
upstream bug: https://github.com/fail2ban/fail2ban/issues/458 might see if I can implement a flushlog method on fail2ban-client.
Upstream fix committed. https://github.com/fail2ban/fail2ban/pull/470/files
fail2ban-0.8.13-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/fail2ban-0.8.13-1.el6
Package fail2ban-0.8.13-1.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing fail2ban-0.8.13-1.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1985/fail2ban-0.8.13-1.el6 then log in and leave karma (feedback).
Package fail2ban-0.8.13-2.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing fail2ban-0.8.13-2.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1985/fail2ban-0.8.13-2.el6 then log in and leave karma (feedback).
fail2ban-0.8.13-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.