[SOLVED] Fail2ban High Memory Usage

In this article you will learn a couple of methods on how to fix Fail2ban High Memory Usage problem.

There may be several reasons for Fail2ban consumption a very large amount of memory (in my case it was about 2,5 GB!). I will list some of the reasons and how to fix it.

Fail2ban High Memory Usage Most Common Reasons

  • Very large amount of banned IPs
  • Very long ban time in configuration
  • Brute force attacks
  • Fail2ban’s too large SQLite database

First of all try restart Fail2ban service if it didn’t help start dig problem First of all, try restarting the Fail2ban service, if that doesn’t work, start digging deeper.

Check every banned IPs for each jail you have: For example show banned IPs in sshd jail:

# fail2ban-client status sshd

Example output:

Fix Fail2ban’s Too Large SQLite database size

Fail2ban using SQLite database. Over time the SQLite database fail2ban.sqlite3 file can bloat. We can purge this file from config or delete manually.

Purge fail2ban.sqlite3 file

Fail2ban configuration file (/etc/fail2ban/fail2ban.conf) has parameter dbpurgeage. This parameter tells how time keep the date in database.

So you can decrease default (86400sec – 24hours) for example for 4 hours and set 14400 sec.

dbpurgeage = 14400

After changes in config restart Fail2ban

Delete fail2ban.sqlite3 file

Before manually delete fail2ban.sqlite3 file

Stop the Fail2ban service:

# /etc/init.d/fail2ban stop

Delete database file:

# rm /var/lib/fail2ban/fail2ban.sqlite3

Start the Fail2ban service:

# /etc/init.d/fail2ban start 

Limit Fail2Ban Memory Usage

We can limit Fail2ban memory utilization.

To decrease the memory usage by Fail2ban, edit /etc/default/fail2ban file.
At the end of the file add:

ulimit -s 256

And restart Fail2Ban:

 # /etc/init.d/fail2ban restart

I hope these tips helped you solve memory usage problem.

Zimbra Fail2ban Setup


If you like what you are reading, please:

Buy me a coffeeBuy me a coffee


Leave a Reply

Your email address will not be published. Required fields are marked *