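This is a fact-finding question. I am implementing fail2ban to prevent some unscrupulous elements from affecting the experience of my Django website. Note that my web server is nginx (reverse proxy), with gunicorn as the upstream application server. The machine is an Ubuntu 14.04 VM.
But my CPU usage now goes from ~45% to ~95% the moment I turn it on (all else being equal). At any given point in time there is a lot of activity on my website, and the nginx logs fill up quickly. Currently, access.log is 1.4G in size, while access.log.1 is 850MB.
In case it's relevant, below is a snapshot of such activity from my access.log: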
31.13.102.111 - - [28/Feb/2016:06:47:22 +0000] "GET /group/ HTTP/1.1" 200 9628 "http://example.com/?iorg_service_id_internal=373234912870626%3B$
31.13.97.97 - - [28/Feb/2016:06:47:22 +0000] "GET /group_list/ HTTP/1.1" 200 9671 "-" "Opera/9.80 (J2ME/MIDP; Opera Mini/4.5.40312/37.7910; U;$
31.13.99.123 - - [28/Feb/2016:06:47:22 +0000] "POST /link/1410516/reply/ HTTP/1.1" 302 5 "http://www.example.com/link/1410516/reply/?iorg_servi$
31.13.110.117 - - [28/Feb/2016:06:47:22 +0000] "GET /link/1410608/reply/ HTTP/1.1" 200 9829 "http://example.com/link/1410608/reply/?iorg_servic$
31.13.97.123 - - [28/Feb/2016:06:47:22 +0000] "GET / HTTP/1.1" 200 11979 "http://http-example-com.0.freebasics.com/?ref=mbasic" "Opera/9.80 (J2$
31.13.97.113 - - [28/Feb/2016:06:47:22 +0000] "POST /link/create/ HTTP/1.1" 302 5 "http://example.com/link/create/?iorg_service_id_internal=373$
31.13.110.110 - - [28/Feb/2016:06:47:23 +0000] "GET /group/eb42a653-ec47-43d1-acd7-571646ea3440/private/ HTTP/1.1" 200 11341 "http://example.$
31.13.113.68 - - [28/Feb/2016:06:47:23 +0000] "GET /group/a40cffc5-8194-43a9-8bc9-7517b1cc5ac5/public/ HTTP/1.1" 200 11835 "http://www.exampl$
31.13.99.123 - - [28/Feb/2016:06:47:23 +0000] "GET / HTTP/1.1" 200 12123 "http://example.com/link/create/?iorg_service_id_internal=373234912870$
31.13.102.98 - - [28/Feb/2016:06:47:23 +0000] "POST /vote/ HTTP/1.1" 302 5 "http://example.com/?iorg_service_id_internal=373234912870626%3BAfrI$
31.13.113.76 - - [28/Feb/2016:06:47:24 +0000] "GET /group/ HTTP/1.1" 200 9282 "http://example.com/link/1410354/reply/?iorg_service_id_internal=$
31.13.110.98 - - [28/Feb/2016:06:47:24 +0000] "GET /link/1410807/reply/ HTTP/1.1" 200 11083 "-" "SAMSUNG-SM-B360E Opera/9.80 (J2ME/MIDP; Opera$
31.13.99.111 - - [28/Feb/2016:06:47:24 +0000] "GET /group/ HTTP/1.1" 200 8798 "http://example.com/?iorg_service_id_internal=373234912870626%3BA$
31.13.113.95 - - [28/Feb/2016:06:47:24 +0000] "GET / HTTP/1.1" 200 12181 "http://example.com/?iorg_service_id_internal=373234912870626%3BAfq3H8$
31.13.99.111 - - [28/Feb/2016:06:47:24 +0000] "GET /link/1410516/reply/ HTTP/1.1" 200 9753 "http://www.example.com/link/1410516/reply/?iorg_ser$
141.0.15.221 - - [28/Feb/2016:06:47:24 +0000] "GET /users/Veeraj/unseen/ HTTP/1.1" 200 8556 "http://example.com/link/1381878/reply/" "Opera/9.8$
31.13.110.127 - - [28/Feb/2016:06:47:25 +0000] "GET /group/d81f3a5e-049d-4ceb-abaf-8bc1a571001a/private/ HTTP/1.1" 200 12576 "http://example.$
31.13.110.110 - - [28/Feb/2016:06:47:25 +0000] "GET /users/Pariza/activity/ HTTP/1.1" 200 8233 "http://example.com/users/Pariza/?iorg_service_i$
31.13.97.121 - - [28/Feb/2016:06:47:25 +0000] "GET / HTTP/1.1" 200 12094 "http://example.com/link/1410735/reply/?iorg_service_id_internal=37323$
31.13.97.103 - - [28/Feb/2016:06:47:25 +0000] "GET / HTTP/1.1" 200 11081 "http://example.com/link/create/?iorg_service_id_internal=373234912870$
31.13.102.120 - - [28/Feb/2016:06:47:26 +0000] "GET /group/1a1cb850-b526-46d3-893b-03e2ad2eeb2b/private/ HTTP/1.1" 200 11934 "http://example.$
31.13.110.100 - - [28/Feb/2016:06:47:26 +0000] "POST /vote/ HTTP/1.1" 302 5 "http://example.com/?iorg_service_id_internal=373234912870626%3BAfr$
31.13.102.111 - - [28/Feb/2016:06:47:27 +0000] "POST /link/1410816/reply/ HTTP/1.1" 302 5 "http://example.com/link/1410816/reply/?iorg_service_$
31.13.97.123 - - [28/Feb/2016:06:47:27 +0000] "GET / HTTP/1.1" 200 12490 "http://http-example-com.0.freebasics.com/" "Opera/9.80 (Android; Oper$
31.13.113.67 - - [28/Feb/2016:06:47:27 +0000] "GET /group/d6be8c59-8d1e-40d4-92f9-55ed0f906ff6/private/ HTTP/1.1" 200 10962 "http://example.p$
66.220.156.113 - - [28/Feb/2016:06:47:27 +0000] "GET / HTTP/1.1" 200 12136 "-" "Nokia110/2.0 (03.04) Profile/MIDP-2.1 Confi
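fail2ban has various jail definitions in it that relate to my access.log. For example, nginx-postflood guards against POST floods and nginx-getflood guards against GET floods, parsing access.log to look for patterns.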
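My questions are:
1) Why is fail2ban's performance so poor under my current setup? Is it because the entire access.log file is moved into CPU memory so that the fail2ban jails can start parsing it?
2) If the size of the access.log file is indeed the problem, is there a way for me to control this parameter? I would rather have several 80MB access.log files than large, unwieldy files like I have now. How do I set that up? Can you give me a concrete example?
Thanks in advance, and please ask for more information if you need it.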