-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PyInotify fails after log rotation #184
Comments
so "fail2ban-0.8.8+20130411" means that you grabbed GIT snapshot few I guess the best solution for you on lenny would be to switch to polling Yaroslav O. Halchenko, Ph.D. |
Yes, I grabbed it from git a few days ago. Here is the logrotate config:
And jail.conf:
I'll be switching all servers back to polling as soon as I get the debug log from the next rotation. |
@jafcobend @yarikoptic Looking at the test failures above, it appears that poll is failing, not pyinotify... |
@kwirk but, go figure, polling works and PyInotify works until the log rolls. |
heh -- I was a good boy and upgraded all of them from lenny (it is not is there any particular about that box when you run tests? e.g. busy On Mon, 22 Apr 2013, Yaroslav Halchenko wrote:
|
Yaroslav Halchenko wrote:
The tests were run on the Intel box. Sent from my Debian Linux laptop -- http://www.debian.org/intro/about Jon Foster |
First off I should mention that I tried a patch similar to what was proposed in bug 44. Here it is:
Anyhow this resulted in the following pyinotify events in the log, after Sunday morning's rotation:
I think this shows that logrotate is creating the new file first as "auth.log.new", which is ignored since its not monitored. Then moving it to auth.log, later, which isn't triggering any events. I have not worked with pyinotify but I'm going to add the IN_MOVED_TO and IN_MOVED_FROM specifications to the watch list and see what gets logged next Sunday. I'm guessing that the IN_MOVED_TO might give me what I want... not sure if the existing fail2ban code can swallow it but one thing at a time. |
wholly molly -- indeed we must monitor both IN_MOVED_(TO|FROM) .... let me craft the unittest and probably the fix... thanks! |
@jafcobend could you give a try to this one? |
I grabbed a copy and will get this installed today. I'll let you know how it rolls next Monday. |
Ok -- I will think positive and consider it closed with f215660 which I have just pushed into master and 0.9 |
Gee! Whenever I think "positive" thinks go kaboom! However in your case it appears that the log rotation was detected as expected. It continued to ban IP addresses after the rotation. Thanks for fixing this! |
Great -- thanks for the confirmation! On Mon, 06 May 2013, Jon Foster wrote:
Yaroslav O. Halchenko, Ph.D. |
Sorry to be a pest but I'd surely like to see this work. This is basically the same thing as reported in bug 44. I see that several others complained about it after the bug was closed as fixed so I thought it best if this was put in a new bug report.The software I'm running:
fail2ban: head branch checked out 4/11/2013
pyinotify: 0.8.9
python: 2.5.2
Linux: 2.6.30
Libc: 2.7
Distro: Debian 5 (lenny).
Testcases:
I'm gathering debug logs.
The text was updated successfully, but these errors were encountered: