fail2ban detects the attacker IP but doesn't ban it, and is slow reading logs

nginx debian fail2ban

Solution 1:

  1. It is not advisable to monitor access-log, see fail2ban/wiki :: Best practice especially the part "Reduce parasitic log-traffic".
  2. Inappropriate regexs can also cause that fail2bans "read speed may be slower than log speed", just I don't see your RE is not good. But it can be made faster, just you'd need to change logging format for that. Also specifying of single and precise datepattern may help to speed up the processing.
  3. All in one it could create the known race condition, fail2ban was affected up to v.0.10.5, see https://github.com/fail2ban/fail2ban/issues/2660 for details (the fix was released within v.0.10.6 / v.0.11.2)

Also note the answers to similar issues, for instance https://github.com/fail2ban/fail2ban/issues/3021#issuecomment-834287295.

Related

user that exists doesn't exist when setting chroot with usermod
mail works, but sendmail doesn't! (Postfix)
FaceTime, iCloud and iMessage in China
How to Stop Website Requests for Location
How can I run AirDrop from the Dock?
How can I query the hardware UUID of a Mac programmatically from a command line?
Transfer files to iPad via USB from Android
I bought a 'new' MacBook Pro from 3rd party. It came in a refurbished box, but they insist it was 'new' How do I know if this really is new or used?
What are all these tvOS services?
Copy SSH Public Key to clipboard WITHOUT newline appended
How to leave product feedback on macOS? [duplicate]
Connecting Mac Book Pro 2017 to 2 Projectors via USB C