-1

I have files in /var/log/nginx/

the log file /var/log/nginx/access.log is empty.

But the /var/log/nginx/access.log.1 is being appended as always.

In file /etc/fail2ban/fail2ban.conf,

logtarget = /var/log/fail2ban.log

In the file /etc/fail2ban/jail.local, I made this:

[wordpress-xmlrpc]                                                                                                  

enabled  = true                                                                                                     
filter   = wordpress-xmlrpc                                                                                         
action   = iptables[name=WordPressXMLRPC, port=http, protocol=tcp]                                                  
logpath  = /var/log/nginx/access.log                                                                               
#logpath  = /var/log/nginx/access.log.1                                                                              
findtime = 30                                                                                                       
bantime  = 172800                                                                                                   
maxretry = 3

The settings above does not work.

I have to change it to be logpath = /var/log/nginx/access.log.1 (it works only in this file)

Then service fail2ban restart and wait for 30 seconds before it finishes reading logs and do some iptables stuff.

I have this setting in /etc/nginx/nginx.conf access_log /var/log/nginx/access.log

So anything wrong with my Nginx and fail2ban configuration?

Many thanks!

dotslash
  • 219
  • 3
  • 15

1 Answers1

1

Which Nginx log file is for fail2ban?

Whichever one contains the log entries you want to match.

So anything wrong with my Nginx and fail2ban configuration?

If it's working as you expect then no, however

the log file /var/log/nginx/access.log is empty.

But the /var/log/nginx/access.log.1 is being appended as always.

This would suggest that there is an issue with your logrotate configuration. It looks like you have rotated the log file but have not restarted nginx.

Community
  • 1
user9517
  • 114,104
  • 20
  • 206
  • 289
  • > This would suggest that there is an issue with your logrotate configuration. It looks like you have rotated the log file but have not restarted nginx. I think all of my log files are in wrong rotations now. Proved. Do you know how to correct them? – dotslash Apr 13 '16 at 10:50
  • I found it's a bug: https://bugs.launchpad.net/nginx/+bug/1450770 and [here](http://serverfault.com/questions/639128/nginx-logging-to-access-log-1-instead-of-access-log-logrotate-failing) after i upgrade to Nginx 1.8.1 Ubutnu 14.04 PPA, it is correct now. in `access.log`. Sometimes, we can not 100% trust PPA and do a quick upgrade. – dotslash Apr 13 '16 at 11:07