Date: Fri, 22 Jun 2018 17:59:22 +0200 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: freebsd-stable@freebsd.org Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) Message-ID: <20180622155922.GA61217@plan-b.pwste.edu.pl> In-Reply-To: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Jun 22, 2018 at 03:12:05PM +0200, Michael Grimm wrote: > Hi, > > this is 11.2-STABLE (r335532), and I am referring to the recent MFC of syslogd modifications [1]. > > Because I cannot judge whether fail2ban lacks support for the renewed syslogd or syslogd has an issue in receiving fail2ban messages I do crosspost this mail to ports and stable. > > I do have fail2ban configured to report to SYSLOG: > > logtarget = SYSLOG > syslogsocket = auto > > But now, after upgrading to the new syslogd fail2ban refuses to report to syslogd; no single message gets recorded [2]. > > I did try to modify the syslogsocket setting to /var/run/log without success. Pointing logtarget to a regular files tells me that fail2ban is running as expected, it only lacks reporting to SYSLOG. > > #) Does anyone else has running py-fail2ban at >= r335059 and can confirm my observations? > #) Any ideas how to debug this issue? > > Thank you in advance and regards, > Michael > > > [1] https://svnweb.freebsd.org/base/stable/11/usr.sbin/syslogd/Makefile?revision=335059&view=markup&sortby=file > [2] both syslogd and fail2ban are running at the host, thus another issue with syslogd fixed in > https://svnweb.freebsd.org/base?view=revision&sortby=file&revision=335314 does not apply > This is probably connected with the lack of handling of non-RFC compliant timestamps. My syslog server also suffers from this issue. It stopped logging messages from old Cisco equipment and some newer Netgear switches. Running it in debug mode gives some clue: Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to down Could you please give any advice or workaround for this issue? -- Marek Zarychta [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlstHNgACgkQdZ/s//1S jSyUkAf5Ae7lSkVMSxq9jeZAeG1CAyBRzbW65JFKWfiwB9onS7SrFE0fbRWO/U95 DRUpg8cQCv9fXWLF0BKjVzGh06LFxuulQVNQxzXPqyPiuVqrVYcyFYN2PFXgIDEl En1m1VjkHwRAGwuzfJNqQHDpNBvwbNEROTyvNTK4UTxC3XRaUv2P3/5Pcruym6fX 54nBVsmePnTpWhA3AaOv68GpQ8kcqMIN2CbL5/hDaNDVxjI0YG/q93Y7Qs5zyfqF lAI5U3GXoLzz+M0WGjhD8G/ZseykoLopbHzsNZah83vvf4H9Q3w24Vqs9wsC1Nng ZPzlFn51LWWIWyWLooVx4ElEfo6nqQ== =YTva -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180622155922.GA61217>