gitea
fee62b303f
fail2ban only expands glob logpath at startup, so proxy-host-2_access.log and later files are never monitored until a manual reload. Adds logwatch.sh (supervisord-managed) that polls /nginx-logs every 30s and runs fail2ban-client reload whenever a new proxy-host-*_access.log is detected. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23 lines
1.1 KiB
Bash
23 lines
1.1 KiB
Bash
#!/bin/bash
|
|
# ── Log file watcher ──────────────────────────────────────────────────────────
|
|
# Polls /nginx-logs every 30s. If a new proxy-host-*_access.log appears,
|
|
# reloads fail2ban so it picks up the new file immediately.
|
|
# ─────────────────────────────────────────────────────────────────────────────
|
|
|
|
LOG_DIR="${LOG_DIR:-/nginx-logs}"
|
|
INTERVAL=30
|
|
|
|
known=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
|
|
|
|
echo "[logwatch] Watching $LOG_DIR for new proxy-host log files..."
|
|
|
|
while true; do
|
|
sleep "$INTERVAL"
|
|
current=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
|
|
if [ "$current" != "$known" ]; then
|
|
echo "[logwatch] New log file(s) detected — reloading fail2ban"
|
|
fail2ban-client reload 2>&1 | sed 's/^/[logwatch] /'
|
|
known="$current"
|
|
fi
|
|
done
|