py-fail2ban turned silent after syslogd rollout (r335059, stable/11)

Marek Zarychta zarychtam at plan-b.pwste.edu.pl
Fri Jun 22 20:48:46 UTC 2018


On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote:
> Hi Marek,
> 
> [ +glebius ]
> 
> Thanks for reporting this!
> 
> 2018-06-22 18:54 GMT+02:00 Michael Grimm <trashcan at ellael.org>:
> >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
> >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
> >> changed state to down
> >
> > Ah, yes! Haven't thought about running syslogd in debugging mode:
> >
> >         Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: INFO […]
> 
> This is interesting. As fail2ban uses Python's logging framework, I
> managed to reproduce this with the following script:
> 
> #!/usr/bin/env python3
> import logging.handlers
> logging.basicConfig(handlers=[
>     logging.handlers.SysLogHandler(
>         '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
> ])
> logging.warning('Hi')
> 
> This will write the following message to syslogd:
> 
> sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0)   = 21 (0x15)
> 
> This message gets rejected by syslogd, due to the change made in
> r326573, which later got adjusted by me and subsequently MFCed:
> 
> https://svnweb.freebsd.org/base?view=revision&revision=326573
> 
> Gleb, what are your thoughts on the attached patch? It alters syslogd
> to let the 'legacy' RFC 3164 parser also accept messages without a
> timestamp. The time on the syslogd server will be used instead.
> 
> Michael, Marek, could you please give this patch a try? Thanks!
> 
Hi Ed,

Thank you for the expedited effort.
The patch compiles fine and I can confirm that it resolves the issue.

-- 
Marek Zarychta
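
Added example, not part of the original thread and not fail2ban or syslogd code: it rebuilds the frame from the reproduction script above without opening a socket, and compares it with a sender-side frame that carries its own RFC 3164 timestamp. The names Rfc3164Formatter, frame and has_timestamp are hypothetical, the "fail2ban" tag is a constructed sample, and the regex is a simplified stand-in for a timestamp check, not syslogd's parser.

```python
import logging
import re
import time
from logging.handlers import SysLogHandler

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# Simplified check for an RFC 3164 "Mmm dd hh:mm:ss " timestamp after <PRI>.
# Illustration only; this is not syslogd's parser.
RFC3164_TS = re.compile(
    r"^<\d{1,3}>(?:%s) [ \d]\d \d\d:\d\d:\d\d " % "|".join(MONTHS))


class Rfc3164Formatter(logging.Formatter):
    """Hypothetical formatter: prefixes 'Mmm dd hh:mm:ss tag[pid]: '."""

    def __init__(self, tag):
        super().__init__(logging.BASIC_FORMAT)
        self.tag = tag

    def format(self, record):
        t = time.localtime(record.created)
        # RFC 3164 pads single-digit days with a space, not a zero.
        stamp = "%s %2d %02d:%02d:%02d" % (
            MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
        return "%s %s[%d]: %s" % (
            stamp, self.tag, record.process, super().format(record))


def frame(formatter, text):
    """Return '<PRI>' + formatted record, as SysLogHandler builds it
    (trailing NUL omitted). No socket is opened."""
    record = logging.LogRecord(
        "root", logging.WARNING, "example.py", 0, text, None, None)
    pri = (SysLogHandler.LOG_LOCAL7 << 3) | SysLogHandler.LOG_WARNING
    return "<%d>%s" % (pri, formatter.format(record))


def has_timestamp(payload):
    return RFC3164_TS.match(payload) is not None


if __name__ == "__main__":
    for fmt in (logging.Formatter(logging.BASIC_FORMAT),
                Rfc3164Formatter("fail2ban")):
        payload = frame(fmt, "Hi")
        print(has_timestamp(payload), payload)
```

To use the formatter with a real handler, pass an instance to the handler's setFormatter() before logging.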