I have the exact same problem. I reproduced and observed the same behavior with logrotate as stated above. Polling solved the problem as stated.
But:
A few weeks ago my Ubuntu 14.04 server had strange problems and errors. I didn't have time to figure it out and made a clean install.
Yesterday I was shocked that my server had hundreds of attacks from same ip's and none of them are banned as usual. I do not usually check my logs as i rely on fail2ban. I am using fail2ban for years without any occasions. This is the most simple, primary and working solution on servers. Now i am sure that fail2ban stopped working after an update way before and some kind of attack caused my server to break.
This is a critical security issue. Comments above explain it clearly that this is a severe security issue. The purpose of fail2ban is security. I can repeat it over and over. This is a security bug. Importance is severe and critical not 'undecided' ! I can't believe that this is not taken seriously. 8 months since bug report and no body cares. This is unacceptable. This is the LTS version of Ubuntu server. I still can't believe it.
How can u say that this is a regular bug? If fail2ban does not work, an attacker can brute force a wordpress account, inject php code and cause loss of data and privacy. I don't even mention ssh. There are many more scenarios. Many people rely on fail2ban as it is a simple and effective security solution. I can't even imagine users unaware this situation.
Bugs can happen; but having a confirmed security bug report and not taking it seriously for 8 months is unacceptable. I spent so much time to figure the problem and i couldn't. I am not an expert. If this bug was not reported, i would not have figured out the problem and solve it.
How can i trust this distro anymore, who knows how many other critical issues that are not taken seriously !
It is time to move on to another distro...
I sincerely thank these 4 people who reported this bug, suggested solutions and have taken this issue seriously.
I have the exact same problem. I reproduced and observed the same behavior with logrotate as stated above. Polling solved the problem as stated.
But:
A few weeks ago my Ubuntu 14.04 server had strange problems and errors. I didn't have time to figure it out and made a clean install.
Yesterday I was shocked that my server had hundreds of attacks from same ip's and none of them are banned as usual. I do not usually check my logs as i rely on fail2ban. I am using fail2ban for years without any occasions. This is the most simple, primary and working solution on servers. Now i am sure that fail2ban stopped working after an update way before and some kind of attack caused my server to break.
This is a critical security issue. Comments above explain it clearly that this is a severe security issue. The purpose of fail2ban is security. I can repeat it over and over. This is a security bug. Importance is severe and critical not 'undecided' ! I can't believe that this is not taken seriously. 8 months since bug report and no body cares. This is unacceptable. This is the LTS version of Ubuntu server. I still can't believe it.
How can u say that this is a regular bug? If fail2ban does not work, an attacker can brute force a wordpress account, inject php code and cause loss of data and privacy. I don't even mention ssh. There are many more scenarios. Many people rely on fail2ban as it is a simple and effective security solution. I can't even imagine users unaware this situation.
Bugs can happen; but having a confirmed security bug report and not taking it seriously for 8 months is unacceptable. I spent so much time to figure the problem and i couldn't. I am not an expert. If this bug was not reported, i would not have figured out the problem and solve it.
How can i trust this distro anymore, who knows how many other critical issues that are not taken seriously !
It is time to move on to another distro...
I sincerely thank these 4 people who reported this bug, suggested solutions and have taken this issue seriously.