[Bug]: After running for a period of time, it becomes unable to retrieve information from fail2ban.

[Wrandz]

Describe the bug

From the image I attached, you can see that I started the software at 23:11 on November 1, 2024. Throughout the following period until November 2, when I checked the status, it appeared normal. However, when I checked again at 9:52 this morning, I noticed that all the readings from midnight onwards were zeros, which is obviously problematic. Based on past experiences, I understand that this is not accurate and indicates that the dashboard has not retrieved the latest information. While I was checking, I observed that the dashboard automatically updated once more, suggesting that it was not terminated. I logged into the VPS:

root@sub:~# docker ps
CONTAINER ID   IMAGE                                          COMMAND                  CREATED        STATUS                  PORTS                                NAMES
d2fa883911f3   ghcr.io/verifiedjoseph/intruder-alert:latest   "docker-php-entrypoi…"   35 hours ago   Up 35 hours (healthy)   127.0.0.1:8080->8080/tcp, 9000/tcp   intruder-alert
ea1e5a94a4ea   jericx/syncclipboard-server:latest             "dotnet SyncClipboar…"   3 months ago   Up 38 hours             127.0.0.1:5033->5033/tcp             syncclipboard-server
root@sub:~# docker-compose down
Stopping intruder-alert ... done
Removing intruder-alert ... done
Removing network root_default
root@sub:~# docker-compose up -d
Creating network "root_default" with the default driver
Creating intruder-alert ... done

I restarted the dashboard.

As you can see, after restarting the dashboard, the latest data has been successfully retrieved.

Configuration

version: '3'

services:
  app:
    image: ghcr.io/verifiedjoseph/intruder-alert:latest
    container_name: intruder-alert
    environment:
      - IA_TIMEZONE=Asia/Shanghai
      - IA_SYSTEM_LOG_TIMEZONE=Asia/Shanghai
      - IA_MAXMIND_LICENSE_KEY=[redacted]
      - IA_LOG_FOLDER=/app/backend/data/logs
    volumes:
      - /var/log/fail2ban.log:/app/backend/data/logs/fail2ban.log:ro
      - /var/log/fail2ban.log.1:/app/backend/data/logs/fail2ban.log.1:ro
      - /var/log/fail2ban.log.2.gz:/app/backend/data/logs/fail2ban.log.2.gz:ro
      - /var/log/fail2ban.log.3.gz:/app/backend/data/logs/fail2ban.log.3.gz:ro
      - /var/log/fail2ban.log.4.gz:/app/backend/data/logs/fail2ban.log.4.gz:ro
    ports:
      - '127.0.0.1:8080:8080'
    security_opt:
      - no-new-privileges:true

Version

1.19.8

Deployment Method

docker-compose

PHP Version

8.2.24-fpm-alpine3.19

Additional context

I'm not sure what the cause of this issue is, as it has been occurring since earlier versions. At one point, I thought it might be due to insufficient memory on my VPS, causing the dashboard to close during operation. However, I later found that this was not the case; the dashboard was running fine, but it just couldn't retrieve the latest fail2ban information.

Please take a look into this issue. If you need any additional information, please feel free to contact me. I have also attached my personal email address, [email protected], for your convenience.

[VerifiedJoseph]

Hello Wrandz. Sorry to hear you are having trouble with the dashboard.

At one point, I thought it might be due to insufficient memory on my VPS [..]

It is possible that insufficient memory could be the issue as Intruder Alert's backend script only runs every 10 minutes and insufficient memory would stop it from starting or running successfully.

The next time the issue happens please post of the output of docker logs -t intruder-alert (https://docs.docker.com/reference/cli/docker/container/logs/). Its output with be helpful for troubleshooting.

[Wrandz]

Thank you. Below is the runtime log of my Docker container.
docker.log

The first line of this log entry occurred at 2024-11-03 02:04:46, which is after the 0:00 point mentioned in previous screenshot where the issue arose. Therefore, what happened at exactly 0:00 is unknown (but please hold on for a moment, as such an issue will occur again soon, and I will provide you with the log at the time of the issue).

However, from the log file, it seems that from the first line until 9:52 AM on November 3rd, when I noticed the issue and restarted intruder-alert, intruder-alert had been running normally and regularly throughout that period.

Since I restarted intruder-alert, there hasn't been any issue so far. I will continue to monitor the situation until the problem reappears. I'm really looking forward to your analysis of the log file to identify the cause of the issue.

[Wrandz]

After several days of careful observation, everything seemed normal until this morning when I noticed the same issue again: starting from midnight, Intruder Alert stopped updating data.

Below is the runtime log of my Docker container. Captured from 23:00 on November 9th.

docker.txt

From the log file, there are no apparent anomalies. It seems that starting from 0:00 on the 10th, Intruder Alert was still normally acquiring and processing logs from fail2ban, but it stopped updating the web table data.