My system (FreePBX 188.8.131.52) keeps running out of disk space and the issue is the Fail2ban log files. There is a 1.35GB fail2ban.2 file that is 5 months old. The fail2ban.1, fail2ban.3, fail2ban.4, fail2ban.5 & fail2ban.6 files all seem to be truncated. Is there any way that I can truncate the logs? I tried issuing:
service fail2ban stop
truncate -s 0 /var/log/fail2ban.log
service fail2ban restart
But it didn’t reduce the log files at all.
Is it possible to stop the service and just delete all of the Fail2ban files in the /var/log/asterisk directories? Does anyone have any suggestions as to how to keep these log files maintained at a minimal level.
The largest files, in order of size, are as follows:
fail2ban.2 = 1.35GB
fail2ban-20171011 = 1.16GB
fail2ban-20171012 = 999,913KB
fail2ban-20171016 = 588,384KB
fail2ban-20171017 = 171,427KB
fail2ban-20171013 = 85,883KB
fail2ban-20171014 = 61,299KB
fail2ban-20171015 = 20,902KB
modify the /etc/logrotate.d/fail2ban file
Many thanks for the response. I’ve been trying to follow up on your suggestion to see what “man logrotate” means, but I am not too sure I have done anything of value.
My fail2ban file now shows:
# Customization: compress log files to save disk space
# Customization: decrease log retention time from the default 7 days
create 0600 root root
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
#/usr/bin/fail2ban-client reload 2> /dev/null || true
But there are still 7 fail2ban-YYYYMMDD files in the /var/log/asterisk directory, and there is still a 1.35GB fail2ban.2 file dated 17th May 2017 (5 months old).
Do you have any pointers, or is there any chance that you can elaborate?
I would examine the logs and try to figure out what’s filling them up and correct it. Could be a really low registration timeout, could be an indication of attacks on the server, could be a forgotten extension on a whitelisted network repeatedly trying to authenticate with a bad username/secret.
you apparently have 2 logrotate files, the one you quote can be deleted and then look for the one with dateext in it.
logrotate -v /etc/logrotate.conf |less
Hi Dicko, much appreciation for your help. I removed the files and there were no side effects. There was a day where someone was trying to force their way on to the pbx, and this seems to have filled up the log. I am not sure why there was a file that was months old, and still need to investigate at some point, but for the time being the HDD has a bit more room.