Issue Fail2Ban hangs and turns off

[daanse]

Hi,
can i "tune" Fail2Ban for a bigger Server?
i have at about 280 Sites on one Server and already turned this Piped Logs and Prefork to on.
Any Ideas would be awesome?
if i want to whitelist or aktivate an Ip i have to wait at about 1 Minute till something happens in Panel...

 

[Lloyd_mcse]

Hi Daka Media KG,
have a look at this kb article...

https://kb.plesk.com/en/122407

That may help.

@trialotto may be around, he's very good with Fail2Ban and may have suggestions too.

Regards

Lloyd

 

[daanse]

Hi,
thank you.
i just ran:

# ps aux | grep fail2ban|awk '{print $2}'
7795
28421

What does these Numbers mean? I'm at Step 1 from the Solution below 300 Domains.

 

[daanse]

Also also noticed something.
i went to Fail2Ban > Logs > opend the First File /var/log/fail2ban.log <-
and the first Lines of this File are always doubled for each Domain

2016-06-19 06:54:30,117 fail2ban.filter [15182]: INFO Log rotation detected for /var/www/vhosts/system/somedomain.de/logs/access_log
2016-06-19 06:54:30,361 fail2ban.filter [15182]: INFO Log rotation detected for /var/www/vhosts/system/somedomain.de/logs/access_log
2016-06-19 06:54:41,695 fail2ban.filter [15182]: INFO Log rotation detected for /var/www/vhosts/system/somedomain2.de/logs/access_log
2016-06-19 06:54:41,946 fail2ban.filter [15182]: INFO Log rotation detected for /var/www/vhosts/system/somedomain2.de/logs/access_log

does this means something?

 

[Lloyd_mcse]

Hi,
your first post looks like you have a stuck process as you have 2, on my test server i get...

root@plesk:~# ps aux | grep fail2ban|awk '{print $2}'
9471

The second post, that's fail2ban logging when Plesk runs logrotate.
I hope that answers your questions.
Regards

Lloyd

 

[trialotto]

@Daka Media KG,

I suggest that I will create a new (private) conversation with you and invite @Lloyd_mcse loyd_mcse, so we can have a look together and discuss

- the (multiple) root causes of the problem and the priority of each of them,
- alternative solutions, in order to fine-tune your system.

Would that be a good suggestion, acceptable for both of you? (both @Daka Media KG and @Lloyd_mcse)

Regards........

 

[daanse]

Okay,
how can i kill the 28421 ? Seems for me, it doesnt belong there?
am i supposed to run the full command with the "|xargs kill -9" ?

 

[Lloyd_mcse]

Okay,
how can i kill the 28421 ? Seems for me, it doesnt belong there?
am i supposed to run the full command with the "|xargs kill -9" ?

Yeah that's right...

# ps aux | grep fail2ban|awk '{print $2}'|xargs kill -9

Run that and it will kill the processes for you.
Regards

Lloyd

 

[trialotto]

@Lloyd_mcse and @Daka Media KG

The conversation has been created.

Take your time.

PS..........Note that running the command

ps aux | grep fail2ban|awk '{print $2}'

will yield the process IDs for

1) the fail2ban process itself: this process should not be killed in anyway
2) the grep process: this process is irrelevant,

and, in short, adding the "xargs kill -9" to the end is essentially the same as executing the command: service fail2ban stop (and that is a bit more safe, kill -9 is rather forceful).