Hello,
I am very new (like infant new) this PBX so I apologize in advance with the noob questions.
I have a client who reported that their PBX system went down due to the VG-root directory being full.
They cleared up a few GB of logs to get the system functional again but the partition for sangmomVG-Root is still at like 99% full.
Before just throwing more space at it, I looked in to what could be filling up all the space and sure enough, the fail2ban logs are using like 63 GB of space…
I found an article from here to stop the fail2ban service, clear the sqlite db and restart it but it looks like fail2ban service is disabled by default.
I am a bit confused as to whether or not fail2ban was running to collect these logs and simply failing to start back up or if it still collects these logs even if the service is not running.
I see there is a forum post from couple of years ago to update the systemadmin version to 15+ (the current PBX is at 12.7.8-2107-3.sng7).
Before I update the version, just trying to figure out if fail2ban should be even running to begin with.
If you are using FreePBX 15 or 16 (you should be ok).
You can basically control all things fail2ban using the System Admin module, but it is best if you have the paid-for version of this.
Purchase and get installed: System Admin Pro
If you are using FreePBX 14 or something “hand rolled” …
Keep this post updated.
The take away there is that it’s possible that the system was configured to be exposed to any and all traffic and malicious traffic was causing the logs to be full. Start by ensuring that only trusted traffic can connect to your asterisk system.