Fail2ban
The age-based cleanup below deletes all entries older than 90 days. You may want to put it into a script run by cron, in which case include the full path to sqlite, e.g. /usr/bin/sqlite3
The database is here: /var/lib/fail2ban
Clean up by age (better)
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "delete from bans where timeofban <= strftime('%s', date('now', '-90 days'));"
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "vacuum;"
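The age-based cleanup above as a script that cron can run, reporting how many rows were removed and how much the file shrank. This is an added example, not part of the original notes; prune_bans, build_sample_db and the simplified sample table are names and data made up for illustration, and only the database path, the bans table and the timeofban column come from this page.

```python
#!/usr/bin/env python3
"""Prune old rows from fail2ban's bans table, then VACUUM (cron-friendly)."""
import os
import sqlite3
import sys
import time

DB_PATH = "/var/lib/fail2ban/fail2ban.sqlite3"  # path given on this page


def prune_bans(db_path, max_age_days=90, now=None):
    """Delete bans older than max_age_days; return (deleted, bytes_before, bytes_after)."""
    if max_age_days < 1:
        raise ValueError("max_age_days must be >= 1")  # refuse to wipe every ban by accident
    if not os.path.isfile(db_path):
        raise FileNotFoundError(db_path)  # sqlite3.connect would silently create an empty db
    cutoff = int(now if now is not None else time.time()) - max_age_days * 86400
    before = os.path.getsize(db_path)
    conn = sqlite3.connect(db_path, timeout=30)  # wait up to 30 s if the db is locked
    try:
        # timeofban holds Unix epoch seconds, so compare against an integer cutoff
        cur = conn.execute("DELETE FROM bans WHERE timeofban <= ?", (cutoff,))
        deleted = cur.rowcount
        conn.commit()            # VACUUM cannot run inside an open transaction
        conn.execute("VACUUM")   # rewrite the file so freed pages go back to the filesystem
    finally:
        conn.close()
    return deleted, before, os.path.getsize(db_path)


def build_sample_db(path, now):
    """Constructed test data: a simplified bans table, not fail2ban's full schema."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE bans (jail TEXT, ip TEXT, timeofban INTEGER)")
    rows = [("sshd", "192.0.2.%d" % (i % 250), now - 200 * 86400) for i in range(5000)]
    rows += [("sshd", "198.51.100.%d" % i, now - 5 * 86400) for i in range(10)]
    conn.executemany("INSERT INTO bans VALUES (?, ?, ?)", rows)
    conn.commit()
    conn.close()


if __name__ == "__main__":
    days = int(sys.argv[1]) if len(sys.argv) > 1 else 90
    deleted, before, after = prune_bans(DB_PATH, days)
    print("deleted %d bans, %d -> %d bytes" % (deleted, before, after))
```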
Delete everything and start again (not as good)
sudo service fail2ban stop
sudo truncate -s 0 /var/log/fail2ban.log
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
sudo service fail2ban restart
OR reduce the size of the fail2ban.sqlite3 file
You might see the file /var/lib/fail2ban/fail2ban.sqlite3 grow over time.
Here are a few commands that let you dig into the db and clean up some rows, reducing its size.
Open the db:
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
Now, check all the tables available:
sqlite> .tables
bans fail2banDb jails logs
Generally, the “bans” table is the one that uses the most space. You can check the content of this table using a SELECT statement like:
sqlite> SELECT * FROM bans limit 1;
With this, you can inspect a single row and all of its fields.
If you identify, for example, that there are very old entries (in my case, entries from 2 years ago, from 2018 and 2019), you can trim all those entries with this command:
sqlite> DELETE FROM bans WHERE DATE(timeofban, 'unixepoch') < '2020-01-01'; VACUUM;
After running the above command, my db shrank.
A restart of the fail2ban service will reload the db and release the space of the previous db.