py-fail2ban turned silent after syslogd rollout (r335059, stable/11)

Ed Schouten ed at nuxi.nl
Fri Jun 22 19:11:39 UTC 2018


Hi Marek,

[ +glebius ]

Thanks for reporting this!

2018-06-22 18:54 GMT+02:00 Michael Grimm <trashcan at ellael.org>:
>> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
>> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
>> changed state to down
>
> Ah, yes! Haven't thought about running syslogd in debugging mode:
>
>         Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: INFO […]

This is interesting. As fail2ban uses Python's logging framework, I
managed to reproduce this with the following script:

#!/usr/bin/env python3
import logging.handlers
# Log straight to the local syslogd socket with the local7 facility,
# using the default formatter (no timestamp or hostname is prepended).
logging.basicConfig(handlers=[
    logging.handlers.SysLogHandler(
        '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
])
logging.warning('Hi')

This will write the following message to syslogd:

sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0)   = 21 (0x15)

This message gets rejected by syslogd, due to the change made in
r326573, which later got adjusted by me and subsequently MFCed:

https://svnweb.freebsd.org/base?view=revision&revision=326573

Gleb, what are your thoughts on the attached patch? It alters syslogd
to let the 'legacy' RFC 3164 parser also accept messages without a
timestamp. The time on the syslogd server will be used instead.

Michael, Marek, could you please give this patch a try? Thanks!

-- 
Ed Schouten <ed at nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslogd-optional-timestamp.diff
Type: text/x-patch
Size: 2720 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20180622/9f1e848e/attachment.bin>
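Added example, not from Ed's message and not FreeBSD's syslogd code: a parse check that mirrors the RFC 3164 header requirement (PRI followed by a TIMESTAMP) discussed in the thread, beside a Formatter that makes Python's SysLogHandler emit that header so a strict receiver accepts the message. The hostname "myhost", the helper names and the sample record are constructed for the example.

```python
#!/usr/bin/env python3
# Constructed example: parse check mirroring the RFC 3164 header requirement
# (it is not syslogd's parser) plus a Formatter that adds the missing header.
import logging
import logging.handlers
import re
from typing import Optional

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG   (dd may be space-padded)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.DOTALL)

def parse_rfc3164(packet: bytes) -> Optional[dict]:
    """Return header fields if the packet carries PRI + TIMESTAMP, else None.
    A strict receiver rejects the None case ("Failed to parse TIMESTAMP")."""
    m = _RFC3164.match(packet.rstrip(b"\0").decode("utf-8", "replace"))
    if not m:
        return None
    fields = m.groupdict()
    fields["pri"] = int(fields["pri"])
    return fields

def build_packet(record: logging.LogRecord, fmt: logging.Formatter,
                 facility: int = logging.handlers.SysLogHandler.LOG_LOCAL7) -> bytes:
    """Reproduce what SysLogHandler.emit() sends: "<PRI>" + formatted text + NUL."""
    h = logging.handlers.SysLogHandler
    severity = h.priority_names[h.priority_map.get(record.levelname, "warning")]
    return ("<%d>%s" % ((facility << 3) | severity, fmt.format(record))).encode() + b"\0"

# Default-style formatter (what basicConfig gives you) vs one with the header.
# "myhost" is a constructed placeholder; use socket.gethostname() in practice.
BARE_FORMATTER = logging.Formatter("%(levelname)s:%(name)s:%(message)s")
RFC3164_FORMATTER = logging.Formatter(
    "%(asctime)s myhost %(name)s[%(process)d]: %(levelname)s: %(message)s",
    datefmt="%b %d %H:%M:%S")

def demo():
    """Build both packets for the same record and run them through the check."""
    rec = logging.LogRecord("root", logging.WARNING, "demo.py", 1, "Hi", None, None)
    bare = build_packet(rec, BARE_FORMATTER)
    fixed = build_packet(rec, RFC3164_FORMATTER)
    return bare, parse_rfc3164(bare), fixed, parse_rfc3164(fixed)
```

Pass RFC3164_FORMATTER to the SysLogHandler via setFormatter() to get the same effect on a real socket; the bare packet is byte-for-byte the "<188>WARNING:root:Hi\0" seen in the ktrace output above.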