-
Hello GitHub Community, I am currently running Fail2Ban version 0.11.2 on my host machine to monitor and manage access to an Nginx service that is operating within a Docker container. The Nginx logs are bind-mounted from the container to a directory on the host machine, and Fail2Ban is configured to observe this bound directory for any malicious activity. In fail2ban.conf, dbfile option is enabled and dbpurgeage value is increased to 1296000 [seconnds] (15 days). I'm seeking some insights into an issue I've encountered with Fail2Ban on my server. Specifically, I am seeing inconsistencies in the 'Total banned' count reported by Fail2Ban for my When running the
Based on my logs and monitoring, I am confident that the actual number of IPs that should be banned exceeds this figure. However, the reported 'Total banned' does not reflect this higher number, instead showing a limit of 10, which corresponds to the number of currently banned IPs. This is happening to other jails as well. I'm curious to know if there is a configuration setting that I might be overlooking, or if there's a known limitation within Fail2Ban that could be causing this. Is there a way to ensure that the 'Total banned' count accurately reflects all IPs that have been banned over time, rather than just the current snapshot? Thank you in advance for your assistance and any advice you can provide! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
See #3413. |
Beta Was this translation helpful? Give feedback.
-
[Update on Fail2Ban Inconsistencies with 'Total banned' Count] After further investigation into the issue I previously reported about Fail2Ban's 'Total banned' count being capped at 10 for my nginx-bad-request jail, I have realized that the server block configurations for Nginx I put in a separate To address this, I moved the server blocks to the main This experience suggests that the placement of server block configurations within Nginx can impact the logging of IP addresses and the subsequent ban enforcement by Fail2Ban. If others are facing similar issues, I recommend reviewing the Nginx configuration files to ensure that server blocks are correctly located to facilitate proper logging for Fail2Ban and hence appropriate banning. |
Beta Was this translation helpful? Give feedback.
See #3413.
Shortly: fail2ban doesn't have persistent statistic - all that values are since last start of fail2ban.