Strange problem with fail2ban
I have fail2ban version 0.8.1 installed on some CentOS5 servers and it works great.
Now I have tried to install it on Redhat 5 which is practically the same as CentOS5. I installed it and copied configuration files from the working installation on CentOS5.
The problem I have is that fail2ban service does not find any failed vsftpd login in /var/log/secure while the same configuration on CentOS does.
I have tried fail2ban-regex utility and it finds all failed logins and identifies them correctly.
I have even discovered that. If I login incorrectly with vsftpd when fail2ban is stopped that is recorded in /var/secure as it should be. When I run fail2ban it opens to the log file and finds failed login which was recording while fail2ban was stopped. If I try it with fail2ban started it just reports in fail2ban.log that log file has been changed but it finds no failed logins.
What to do?
|