-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Database is too large #2918
Comments
It is depending on the |
Well, would prefer to not record in 1st place |
Well, in mentioned newer versions following entries would do exactly that (not record at all): [DEFAULT]
dbmaxmatches = 0
[DEFAULT]
maxmatches = 0 I don't know what you're calling a workaround. |
This is false,
Then specify
You can completely disable database (just it is not advisable at least for 0.11 if incremental banning is enabled, because it is used for searching for bad ips). As for jail column it is expected to distinguish the tickets of different jails (if you have only one jail, this doesn't mean other people using it also with single jail only). By the way, newest version of fail2ban would get completely different schema (where jail is only an ID) and failures (if not disabled) are stored in different table also. |
Something is completely undocumented AFAIK:
QUESTIONS:
|
Answer is "No" for 2 first of your questions.
Conditionally - fail2ban would not know the "bad" intruders anymore and those last bancount (how many times they were already banned), so it'd start to count from 1 for all IPs. All that regardless a reboots (known as bad IPs are searching in database only, not in memory). Note that fail2ban has also an automatic purge function, which would remove non-persistent bans those starttime of ban exceeds purgeage and last bantime 3 times exceeds purgearge. |
We will be very grateful, if your problem was described as completely as possible,
enclosing excerpts from logs (if possible within DEBUG mode, if no errors evident
within INFO mode), and configuration in particular of effected relevant settings
(e.g., with
fail2ban-client -d | grep 'affected-jail-name'
for a particularjail troubleshooting).
Thank you in advance for the details, because such issues like "It does not work"
alone could not help to resolve anything!
Thanks! (remove this paragraph and other comments upon reading)
Environment:
Fill out and check (
[x]
) the boxes which apply. If your Fail2Ban version is outdated,and you can't verify that the issue persists in the recent release, better seek support
from the distribution you obtained Fail2Ban from
The issue:
database is keeps growing too big, fail2ban consumes a lot of CPU and memory with size of database
Steps to reproduce
install in WHITE IP interface.
set up ban time to 1 year
Expected behavior
Most of the time we don't need to know why some IP was banned. especially for SSH bans.
line in configuration which will allow us to choose whether we need or not a recording of "data" column in table "bans"
Observed behavior
database grows really large cause column "data" have too much information
Any additional information
as a workaround I used sqlight3 command and purged column manually
update bans set data=NULL
Configuration, dump and another helpful excerpts
Any customizations done to /etc/fail2ban/ configuration
Relevant parts of /var/log/fail2ban.log file:
preferably obtained while running fail2ban with
loglevel = 4
Relevant lines from monitored log files in question:
The text was updated successfully, but these errors were encountered: