Date: Fri, 22 Jun 2018 17:59:22 +0200
From: Marek Zarychta
To: freebsd-stable@freebsd.org
Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11)
Message-ID: <20180622155922.GA61217@plan-b.pwste.edu.pl>
In-Reply-To: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org>

On Fri, Jun 22, 2018 at 03:12:05PM +0200, Michael Grimm wrote:
> Hi,
>
> this is 11.2-STABLE (r335532), and I am referring to the recent MFC of syslogd modifications [1].
>
> Because I cannot judge whether fail2ban lacks support for the renewed syslogd or syslogd has an issue in receiving fail2ban messages, I do crosspost this mail to ports and stable.
>
> I do have fail2ban configured to report to SYSLOG:
>
> logtarget = SYSLOG
> syslogsocket = auto
>
> But now, after upgrading to the new syslogd, fail2ban refuses to report to syslogd; no single message gets recorded [2].
>
> I did try to modify the syslogsocket setting to /var/run/log without success. Pointing logtarget to a regular file tells me that fail2ban is running as expected, it only lacks reporting to SYSLOG.
>
> #) Does anyone else have py-fail2ban running at >= r335059 and can confirm my observations?
> #) Any ideas how to debug this issue?
>
> Thank you in advance and regards,
> Michael
>
>
> [1] https://svnweb.freebsd.org/base/stable/11/usr.sbin/syslogd/Makefile?revision=335059&view=markup&sortby=file
> [2] both syslogd and fail2ban are running at the host, thus another issue with syslogd fixed in
> https://svnweb.freebsd.org/base?view=revision&sortby=file&revision=335314 does not apply
>

This is probably connected with the lack of handling of non-RFC compliant timestamps.
My syslog server also suffers from this issue. It stopped logging messages from old Cisco equipment and some newer Netgear switches. Running it in debug mode gives some clue:

Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to down

Could you please give any advice or workaround for this issue?

-- 
Marek Zarychta
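
The failure shown in the debug output above, as an added example that is not part of the original message and is not syslogd's code: a strict RFC 3164 TIMESTAMP check rejects the Cisco-style line because other text (`12403: `) comes before the timestamp, while a tolerant receiver keeps the message and stamps it with its own receive time. The PRI value `<189>`, the compliant sample line, the receive time and all function names are constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
PRI = re.compile(r"<(\d{1,3})>")
# RFC 3164 TIMESTAMP shape: "Mmm dd hh:mm:ss " with a space-padded day.
RFC3164_TS = re.compile(
    r"(?:%s) [ 1-3]\d [0-2]\d:[0-5]\d:[0-5]\d " % "|".join(MONTHS))

def split_pri(datagram):
    """Return (pri, body); RFC 3164 relays assume PRI 13 when it is missing."""
    m = PRI.match(datagram)
    if m and int(m.group(1)) <= 191:
        return int(m.group(1)), datagram[m.end():]
    return 13, datagram

def parse_strict(datagram):
    """Return (pri, timestamp, rest), or None if the body does not open with TIMESTAMP."""
    pri, body = split_pri(datagram)
    ts = RFC3164_TS.match(body)
    if ts is None:
        return None  # a receiver that stops here loses the message
    return pri, ts.group(0).rstrip(), body[ts.end():]

def parse_tolerant(datagram, received_at):
    """Never drop: on a bad TIMESTAMP keep the whole body and stamp it locally."""
    strict = parse_strict(datagram)
    if strict is not None:
        pri, ts, rest = strict
        return {"pri": pri, "timestamp": ts, "msg": rest, "ts_source": "sender"}
    pri, body = split_pri(datagram)
    local = "%s %2d %s" % (MONTHS[received_at.month - 1], received_at.day,
                           received_at.strftime("%H:%M:%S"))
    return {"pri": pri, "timestamp": local, "msg": body, "ts_source": "receiver"}

# Body taken from the debug output above; the PRI <189> is constructed.
CISCO = ("<189>12403: Jun 22 17:31:38 CEST: %LINEPROTO-5-UPDOWN: Line protocol "
         "on Interface FastEthernet0/17, changed state to down")
# Constructed RFC 3164-style line for comparison.
COMPLIANT = "<13>Jun 22 17:31:38 host1 test: hello"

if __name__ == "__main__":
    now = datetime(2018, 6, 22, 17, 31, 40)  # constructed receive time
    for line in (CISCO, COMPLIANT):
        print(parse_strict(line), parse_tolerant(line, now)["ts_source"])
```

Counting records with `ts_source == "receiver"` per sending host shows which devices emit nonconforming timestamps and would go silent under a strict parser.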