Jaws was never my scene and I don't like Star Wars

FreeBSD, fail2ban and newsyslog

Just a short note on FreeBSD's newsyslog and fail2ban, since I couldn't find this information on the interwebtubes.

Fail2ban does not respond to HUP, USR1 or any other signal as a request to reload its config or reopen its log. That sort of thing is done through fail2ban-client.

Newsyslog is geared towards sending signals, since that's what a *nix daemon would traditionally expect. Recently patched and working in newsyslog is the R flag, which lets you give the path to an executable instead of a PID file; newsyslog runs that executable after rotating the log rather than sending a signal. The fail2ban entry in /etc/newsyslog.conf now looks like this:

# logfilename         mode count size when  flags [/pid_file] [sig_num]
/var/log/fail2ban.log 600  5     500  $W0D5 JR    /usr/local/bin/fail2ban-logrotate.sh

Contents of /usr/local/bin/fail2ban-logrotate.sh are simply:

#!/bin/sh
# Tell the running fail2ban to reopen its log file now that newsyslog has rotated it
/usr/local/bin/fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null

Something doesn't sit right about this approach but it appears to do the business. Better ideas welcome in the comments.

OpenBSD's newsyslog appears to allow any free form command as long as it's wrapped in double quotes. Handy.

by fuzzix on Mon, 13 Jan 2014 13:45.


Thu, 26 Jun 2014 09:53

Thanks, been looking for a solution to this for about 18 months!

Dmytro Lavryk
Wed, 02 Mar 2016 09:38

Great idea! Thank you!

Wed, 26 Oct 2016 03:14

Thank you!

Sun, 03 Nov 2019 02:51

Thanks for this. I amended newsyslog.conf as described but it didn't work for me. It did get me on the right track though.

After much searching I eventually found that if /usr/local/bin/fail2ban-logrotate.sh contains:

/usr/local/bin/fail2ban-client flushlogs >/dev/null

it works just fine on my FreeBSD 12.0 system.

Perhaps your post pre-dates the flushlogs command in fail2ban-client.
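An added example, not from the post, any commenter or fail2ban itself: one fail2ban-logrotate.sh that covers both approaches on this page by trying the newer flushlogs command first and falling back to the post's set logtarget for older fail2ban releases, and reporting through syslog when neither works. The client and log paths are assumptions for the FreeBSD port; the function takes them as arguments so it can be exercised with a stub client.

```shell
#!/bin/sh
# Added example (not the post's or fail2ban's own code):
# /usr/local/bin/fail2ban-logrotate.sh for newsyslog's R flag.
# Assumed paths for the FreeBSD port:
CLIENT=/usr/local/bin/fail2ban-client
LOG=/var/log/fail2ban.log

# reopen_fail2ban_log CLIENT LOG
# Ask the running fail2ban server to reopen its log file after newsyslog
# has rotated it. Returns 0 if either method succeeded, 1 otherwise.
reopen_fail2ban_log() {
    client=$1
    log=$2
    [ -x "$client" ] || return 1
    # Newer fail2ban: flushlogs reopens all log targets.
    "$client" flushlogs >/dev/null 2>&1 && return 0
    # Older fail2ban: re-setting the log target forces a reopen.
    "$client" set logtarget "$log" >/dev/null 2>&1 && return 0
    return 1
}

main() {
    if reopen_fail2ban_log "$CLIENT" "$LOG"; then
        exit 0
    fi
    # Report via syslog so a failed reopen is not silent: fail2ban would
    # otherwise keep writing to the rotated (renamed) file while the fresh
    # log newsyslog created stays empty.
    logger -p daemon.err -t fail2ban-logrotate \
        "could not make fail2ban reopen $LOG; check fail2ban-client"
    exit 1
}

# Run only when invoked under the installed script name, so the function
# can be sourced (e.g. for testing) without side effects.
case "$0" in
    */fail2ban-logrotate.sh|fail2ban-logrotate.sh) main ;;
esac
```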
