After thorough testing of my jails from a testing server with a dedicated IP address, that IP is now blocked by recidive as I want it to be. But now with all my testing done I have no way to reset all of Fail2Ban's log files and database.
I manually opened fail2ban.log and deleted all its contents but after restarting Fail2Ban the file is re-populated with all my old testing data so I assume it's pulling that from the SQLite database.
Is there a simple flush database and flush logs command line to run after one is finished testing?
None
fail2ban.log file repopulated after being manually cleared.
Unable to reset logs and database
I have resolved this from some help on the Google+ Page for Fail2Ban from Yaroslav Halchenko
I have now a simple set of commands to flush Fail2Ban
sudo service fail2ban stop
sudo truncate -s 0 /var/log/fail2ban.log
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
sudo service fail2ban restart
Hope this helps someone one day.
@mitchellkrogza
Hope this helps someone one day.
...today, is that day.
I have resolved this from some help on the Google+ Page for Fail2Ban from Yaroslav Halchenko
I have now a simple set of commands to flush Fail2Ban
sudo service fail2ban stop
sudo truncate -s 0 /var/log/fail2ban.log
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
sudo service fail2ban restart
Hope this helps someone one day.
Thanks
If you don't want to purge all entries:
Put the IP you used for testing in jail.local into the array of IPs to ignore:
Restart fail2ban, it will not reban your IP.
Iodok
You can use the sqlite3 command to do some statistics by querying the bips table of the /var/lib/fail2ban/fail2ban.sqlite3 database (if your fail2ban version is < v0.11.1, change bips to bans).
Show all IP addresses and their jails:
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select ip,jail from bips"
Show all unique IP addresses:
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "select distinct ip from bips"
I did this on CentOS 7.x
sudo service fail2ban stop
sudo truncate -s 0 /var/log/fail2ban.log
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
sudo service fail2ban start
sudo fail2ban-client reload
Just for the record...
sudo truncate -s 0 /var/log/fail2ban.log
You don't need to stop fail2ban to rotate the log (but it would be better to use the logrotate service, see fail2ban-logrotate).
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
Well, in 0.11 the issue with purge was solved... also another option, dbmaxmatches, gets implemented in #2402, which can help to keep the database slimmer.
Complete removal of the database is not recommended for several reasons.
Anyway, the "fix" for that would be either to switch to 0.11 or, as a workaround (until upgraded), to periodically purge it manually (in cron or a timer), see https://github.com/fail2ban/fail2ban/issues/1316#issuecomment-178815912.
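The sqlite3 queries and the advice against deleting the whole database, as an added example that is not from this thread or from the Fail2Ban project: it lists bans per jail from whichever of the `bips` / `bans` tables exists and removes only one test address's rows. It assumes those tables carry the `ip` and `jail` columns used in the queries above; the sample database and addresses are constructed, and a real file should only be edited with the service stopped, as in the commands earlier in the thread.

```python
import sqlite3

BAN_TABLES = ("bips", "bans")  # table names taken from the comment above


def existing_ban_tables(conn):
    """Return the ban tables present in this database, bips first."""
    names = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    return [t for t in BAN_TABLES if t in names]


def bans_by_jail(conn):
    """Map jail -> sorted unique IPs, reading bips if present, else bans."""
    tables = existing_ban_tables(conn)
    if not tables:
        raise RuntimeError("no bips/bans table found")
    result = {}
    for ip, jail in conn.execute(f"SELECT DISTINCT ip, jail FROM {tables[0]}"):
        result.setdefault(jail, []).append(ip)
    return {jail: sorted(ips) for jail, ips in result.items()}


def forget_ip(conn, ip):
    """Delete one address from every ban table; return rows removed."""
    removed = 0
    with conn:  # commit on success, roll back on error
        for table in existing_ban_tables(conn):
            removed += conn.execute(
                f"DELETE FROM {table} WHERE ip = ?", (ip,)).rowcount
    return removed


def constructed_db():
    """Constructed stand-in with only the ip and jail columns (assumption)."""
    conn = sqlite3.connect(":memory:")
    for table in BAN_TABLES:
        conn.execute(f"CREATE TABLE {table} (ip TEXT, jail TEXT)")
    rows = [("203.0.113.7", "sshd"), ("203.0.113.7", "recidive"),
            ("198.51.100.9", "sshd")]
    conn.executemany("INSERT INTO bips VALUES (?, ?)", rows)
    conn.executemany("INSERT INTO bans VALUES (?, ?)", rows)
    return conn


if __name__ == "__main__":
    db = constructed_db()  # real file: sqlite3.connect(path), service stopped
    print(bans_by_jail(db))
    print("rows removed:", forget_ip(db, "203.0.113.7"))
    print(bans_by_jail(db))
```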