freebsd stable - Jun 2018 - py-fail2ban turned silent after syslogd rollout (r335059, stable/11)

On 22. Jun 2018, at 21:26, Michael Grimm <trashcan at ellael.org>
wrote:
> On 22. Jun 2018, at 21:11, Ed Schouten <ed at nuxi.nl> wrote:
>> Michael, Marek, could you please give this patch a try? Thanks!
> 
> Recompiled world (FreeBSD 11.2-STABLE r335532), substituted syslogd with
the re-compiled one, and:
> 
> Thank you! Your patch is working w.r.t. fail2ban logging to SYSLOG.
Perfect!
Now I realised that there is a minor glitch:

logfile+logger:
	Jun 22 19:01:48 HOSTNAME <daemon.notice> fail2ban.filter: 2018-06-22
19:01:48,637 fail2ban.actions        [85544]: NOTICE  [JAILNAME] Unban x.x.x.x

Old syslogd before MFC:
	May 30 15:39:41 <daemon.notice> HOSTNAME fail2ban.actions [929]: NOTICE
[JAILNAME] Unban x.x.x.x

After applying your patch:
	Jun 22 21:22:01 HOSTNAME <daemon.notice> [31033]: NOTICE [JAILNAME] Unban
x.x.x.x

Watch: 'fail2ban.actions' -the service- is missing.

Regards,
Michael

Hi Michael,

2018-06-22 22:06 GMT+02:00 Michael Grimm <trashcan at
ellael.org>:
> After applying your patch:
>         Jun 22 21:22:01 HOSTNAME <daemon.notice> [31033]: NOTICE
[JAILNAME] Unban x.x.x.x
>
> Watch: 'fail2ban.actions' -the service- is missing.
That's likely due to the fact that it now interprets the first word in
the message as the remote hostname, which gets discarded.

Attached is a somewhat refined patch that only tries to parse the
hostname in remote messages if they are preceded by a timestamp. If
the timestamp is missing, it assumes the entire payload is the
message. Can you give this one a try? Thanks!

-- 
Ed Schouten <ed at nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
-------------- next part --------------
A non-text attachment was scrubbed...
Name: syslogd-optional-timestamp-v2.diff
Type: application/octet-stream
Size: 3861 bytes
Desc: not available
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20180622/15b0951c/attachment.obj>