py-fail2ban turned silent after syslogd rollout (r335059, stable/11)

Gleb Smirnoff glebius at freebsd.org
Fri Jun 22 20:09:34 UTC 2018


  Hi Ed,

On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote:
E> > Ah, yes! Haven't thought about running syslogd in debugging mode:
E> >
E> >         Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: INFO […]
E> 
E> This is interesting. As fail2ban uses Python's logging framework, I
E> managed to reproduce this with the following script:
E> 
E> #!/usr/bin/env python3
E> import logging.handlers
E> logging.basicConfig(handlers=[
E>     logging.handlers.SysLogHandler(
E>         '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
E> ])
E> logging.warning('Hi')
E> 
E> This will write the following message to syslogd:
E> 
E> sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0)   = 21 (0x15)
E> 
E> This message gets rejected by syslogd, due to the change made in
E> r326573, which later got adjusted by me and subsequently MFCed:
E> 
E> https://svnweb.freebsd.org/base?view=revision&revision=326573
E> 
E> Gleb, what are your thoughts on the attached patch? It alters syslogd
E> to let the 'legacy' RFC 3164 parser also accept messages without a
E> timestamp. The time on the syslogd server will be used instead.
E> 
E> Michael, Marek, could you please give this patch a try? Thanks!

I didn't examine the patch thoroughly, but I agree that it looks like
we have no other choice but to support the legacy and normal messages
at the same time.

-- 
Gleb Smirnoff
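
The behaviour discussed in this thread, as an added sketch that is neither syslogd's code nor the attached patch: a small RFC 3164-style parser that either rejects a datagram lacking a TIMESTAMP or falls back to the receiver's clock. The names `parse_legacy`, `lenient` and `received_at` are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss" followed by a space; no year, no zone.
TS_RE = re.compile(rb"^([A-Z][a-z]{2}) ([ \d]\d) (\d{2}):(\d{2}):(\d{2}) ")
MONTHS = {m: i + 1 for i, m in enumerate(
    b"Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}


def parse_legacy(datagram, received_at, lenient=True):
    """Parse one RFC 3164-style datagram; return a dict, or None if rejected.

    lenient=False models a receiver that insists on a TIMESTAMP;
    lenient=True falls back to the receiver's own clock (received_at).
    """
    data = datagram.rstrip(b"\0")  # Python's SysLogHandler appends a NUL
    pri = PRI_RE.match(data)
    if pri is None or int(pri.group(1)) > 191:  # facility 23, severity 7 max
        return None
    value, rest = int(pri.group(1)), data[pri.end():]

    stamp, from_sender = None, False
    ts = TS_RE.match(rest)
    if ts and ts.group(1) in MONTHS:
        day, hh, mm, ss = (int(g) for g in ts.groups()[1:])
        try:
            # The header has no year or zone: borrow both from the receiver.
            stamp = received_at.replace(month=MONTHS[ts.group(1)], day=day,
                                        hour=hh, minute=mm, second=ss,
                                        microsecond=0)
            from_sender, rest = True, rest[ts.end():]
        except ValueError:  # e.g. "Feb 31": treat as if no timestamp was sent
            stamp = None
    if stamp is None:
        if not lenient:
            return None  # message rejected, as reported in this thread
        stamp = received_at
    return {"facility": value >> 3, "severity": value & 7,
            "timestamp": stamp, "sender_timestamp": from_sender,
            "message": rest.decode("utf-8", "replace")}


if __name__ == "__main__":
    now = datetime(2018, 6, 22, 20, 9, 34, tzinfo=timezone.utc)  # constructed
    sample = b"<188>WARNING:root:Hi\0"  # the datagram quoted above
    print(parse_legacy(sample, now, lenient=False))  # rejected
    print(parse_legacy(sample, now))                 # accepted, receiver time
```

PRI 188 decodes to facility 23 (local7) and severity 4 (warning), so in the strict mode a security tool's warnings vanish from the log without any error on the sender's side.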


More information about the freebsd-stable mailing list