From owner-freebsd-stable@freebsd.org Fri Jun 22 19:11:39 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E1291024B7F for ; Fri, 22 Jun 2018 19:11:39 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 92D207CFC2 for ; Fri, 22 Jun 2018 19:11:38 +0000 (UTC) (envelope-from ed@nuxi.nl) Received: by mail-ed1-x533.google.com with SMTP id x4-v6so1802663edq.7 for ; Fri, 22 Jun 2018 12:11:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuxi-nl.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xT8j5LHw12Yh7KnbHktmtPvtaYT0YV7a6AySIqfrSq0=; b=x/IwSwG3BKyD2umkJtpAX5A0MNSgGrITOFnkZYfbXh4Oa9zlc5a5GI9QHUXWxd7weV lNB5LRWi6qY/06D5tq1OdXxqgMeAXztFOkm48QdgEA/kqigueJPUMaHH+tdO0mb6qu2L wXhJYXk+WMnb2Ld/piMkpXWql+2SKb9UA8L8F9VK6AXsfLzgF3BdMhb1yp41le00sig4 1aC5OS9BAjjvA3rSYq2QlwplZOj0Tq8WHs9KYIWsUccETMsEpyh6X768hVsLl7kEfXV+ QAr/dpNs03l6EWbgeLUZFoxkjM482yTEvBapUj/wBHU4RGybDd3E/wltjARe+mlrPqAK QrJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xT8j5LHw12Yh7KnbHktmtPvtaYT0YV7a6AySIqfrSq0=; b=ecGlPuHPo5G45SDOZgT9Uzd89ZpwFMu2onc9A7Vmbmkt/db86ioe8QSOz6/2hGFKTy uWOKjgDet8Ndf6SFxvbnmoc0UpSdetvAVPfvGY4i4PSyZ6moMUA6oj+4J2sfNZ5BfuVw Osd6ZU9xoFZPTx8NPdkbspyxlmorfcsmWAIWLyxFqFCn9VQL+afZVzF+19uDRrb9hwgO I/XJ0udou9qFxknkOtQsNEpzRmX1oC9BRZ4f+nKD1CfKSA+JHJiHq+eg4CpZkeiI70ts SJ4EbUf3UODsuFVm5VpMBstR2FnTXEJ6ZShvXgpahZIJF8DoZQJfXCYjDtwn/w12uRle XnBw== X-Gm-Message-State: APt69E2EmBFPsZmYTdCOY8jkPuT350dylP1vpqxwKrJkDAwDINRMBdDO y16sZQGdkv/q9cCE4wWtDl2dtdlJmxI/pHqZAbrbOA== X-Google-Smtp-Source: ADUXVKJJ5vEudlpb4UTjoAlyZHQBwUBGZTDKVtg0Uc7HIwWP+ANMvyNP9o8Q3h5QuRGBtEE2zDWLdWWowIQpiwNLIy0= X-Received: by 2002:aa7:c588:: with SMTP id g8-v6mr2741466edq.200.1529694697218; Fri, 22 Jun 2018 12:11:37 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a50:8e0d:0:0:0:0:0 with HTTP; Fri, 22 Jun 2018 12:11:06 -0700 (PDT) In-Reply-To: <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> From: Ed Schouten Date: Fri, 22 Jun 2018 21:11:06 +0200 Message-ID: Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) To: Michael Grimm Cc: FreeBSD-STABLE Mailing List , Mailing List FreeBSD Ports , "ed@FreeBSD.org" , theis@gmx.at, Gleb Smirnoff Content-Type: multipart/mixed; boundary="0000000000000b106f056f3fcd51" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2018 19:11:39 -0000 --0000000000000b106f056f3fcd51 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Marek, [ +glebius ] Thanks for reporting this! 2018-06-22 18:54 GMT+02:00 Michael Grimm : >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST: >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, >> changed state to down > > Ah, yes! Haven't thought about running syslogd in debugging mode: > > Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: = INFO [=E2=80=A6] This is interesting. As fail2ban uses Python's logging framework, I managed to reproduce this with the following script: #!/usr/bin/env python3 import logging.handlers logging.basicConfig(handlers=3D[ logging.handlers.SysLogHandler( '/var/run/log', facility=3Dlogging.handlers.SysLogHandler.LOG_LOCAL= 7) ]) logging.warning('Hi') This will write the following message to syslogd: sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0) =3D 21 (0x15) This message gets rejected by syslogd, due to the change made in r326573, which later got adjusted by me and subsequently MFCed: https://svnweb.freebsd.org/base?view=3Drevision&revision=3D326573 Gleb, what are your thoughts on the attached patch? It alters syslogd to let the 'legacy' RFC 3164 parser also accept messages without a timestamp. The time on the syslogd server will be used instead. Michael, Marek, could you please give this patch a try? Thanks! --=20 Ed Schouten Nuxi, 's-Hertogenbosch, the Netherlands --0000000000000b106f056f3fcd51 Content-Type: text/x-patch; charset="US-ASCII"; name="syslogd-optional-timestamp.diff" Content-Disposition: attachment; filename="syslogd-optional-timestamp.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jiqcpgzp0 SW5kZXg6IHVzci5zYmluL3N5c2xvZ2Qvc3lzbG9nZC5jCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHVzci5zYmlu L3N5c2xvZ2Qvc3lzbG9nZC5jCShyZXZpc2lvbiAzMzUzMTQpCisrKyB1c3Iuc2Jpbi9zeXNsb2dk L3N5c2xvZ2QuYwkod29ya2luZyBjb3B5KQpAQCAtMTE3Miw0NSArMTE3Miw0MyBAQAogCXNpemVf dCBpLCBtc2dsZW47CiAJY2hhciBsaW5lW01BWExJTkUgKyAxXTsKIAotCS8qIFBhcnNlIHRoZSB0 aW1lc3RhbXAgcHJvdmlkZWQgYnkgdGhlIHJlbW90ZSBzaWRlLiAqLwotCWlmIChzdHJwdGltZSht c2csIFJGQzMxNjRfREFURUZNVCwgJnRtX3BhcnNlZCkgIT0KLQkgICAgbXNnICsgUkZDMzE2NF9E QVRFTEVOIHx8IG1zZ1tSRkMzMTY0X0RBVEVMRU5dICE9ICcgJykgewotCQlkcHJpbnRmKCJGYWls ZWQgdG8gcGFyc2UgVElNRVNUQU1QIGZyb20gJXM6ICVzXG4iLCBmcm9tLCBtc2cpOwotCQlyZXR1 cm47Ci0JfQotCW1zZyArPSBSRkMzMTY0X0RBVEVMRU4gKyAxOworCS8qIFBhcnNlIHRoZSB0aW1l c3RhbXAgcHJvdmlkZWQgYnkgdGhlIHJlbW90ZSBzaWRlLCBpZiBhbnkuICovCisJdGltZXN0YW1w ID0gTlVMTDsKKwlpZiAoc3RycHRpbWUobXNnLCBSRkMzMTY0X0RBVEVGTVQsICZ0bV9wYXJzZWQp ID09CisJICAgIG1zZyArIFJGQzMxNjRfREFURUxFTiAmJiBtc2dbUkZDMzE2NF9EQVRFTEVOXSA9 PSAnICcpIHsKKwkJbXNnICs9IFJGQzMxNjRfREFURUxFTiArIDE7CisJCWlmICghUmVtb3RlQWRk RGF0ZSkgeworCQkJc3RydWN0IHRtIHRtX25vdzsKKwkJCXRpbWVfdCB0X25vdzsKKwkJCWludCB5 ZWFyOwogCi0JaWYgKCFSZW1vdGVBZGREYXRlKSB7Ci0JCXN0cnVjdCB0bSB0bV9ub3c7Ci0JCXRp bWVfdCB0X25vdzsKLQkJaW50IHllYXI7Ci0KLQkJLyoKLQkJICogQXMgdGhlIHRpbWVzdGFtcCBk b2VzIG5vdCBjb250YWluIHRoZSB5ZWFyIG51bWJlciwKLQkJICogZGF5bGlnaHQgc2F2aW5nIHRp bWUgaW5mb3JtYXRpb24sIG5vciBhIHRpbWUgem9uZSwKLQkJICogYXR0ZW1wdCB0byBpbmZlciBp dC4gRHVlIHRvIGNsb2NrIHNrZXdzLCB0aGUKLQkJICogdGltZXN0YW1wIG1heSBldmVuIGJlIHBh cnQgb2YgdGhlIG5leHQgeWVhci4gVXNlIHRoZQotCQkgKiBsYXN0IHllYXIgZm9yIHdoaWNoIHRo ZSB0aW1lc3RhbXAgaXMgYXQgbW9zdCBvbmUgd2VlawotCQkgKiBpbiB0aGUgZnV0dXJlLgotCQkg KgotCQkgKiBUaGlzIGxvb3AgY2FuIG9ubHkgcnVuIGZvciBhdCBtb3N0IHRocmVlIGl0ZXJhdGlv bnMKLQkJICogYmVmb3JlIHRlcm1pbmF0aW5nLgotCQkgKi8KLQkJdF9ub3cgPSB0aW1lKE5VTEwp OwotCQlsb2NhbHRpbWVfcigmdF9ub3csICZ0bV9ub3cpOwotCQlmb3IgKHllYXIgPSB0bV9ub3cu dG1feWVhciArIDE7OyAtLXllYXIpIHsKLQkJCWFzc2VydCh5ZWFyID49IHRtX25vdy50bV95ZWFy IC0gMSk7Ci0JCQl0aW1lc3RhbXBfcmVtb3RlLnRtID0gdG1fcGFyc2VkOwotCQkJdGltZXN0YW1w X3JlbW90ZS50bS50bV95ZWFyID0geWVhcjsKLQkJCXRpbWVzdGFtcF9yZW1vdGUudG0udG1faXNk c3QgPSAtMTsKLQkJCXRpbWVzdGFtcF9yZW1vdGUudXNlYyA9IDA7Ci0JCQlpZiAobWt0aW1lKCZ0 aW1lc3RhbXBfcmVtb3RlLnRtKSA8Ci0JCQkgICAgdF9ub3cgKyA3ICogMjQgKiA2MCAqIDYwKQot CQkJCWJyZWFrOworCQkJLyoKKwkJCSAqIEFzIHRoZSB0aW1lc3RhbXAgZG9lcyBub3QgY29udGFp biB0aGUgeWVhcgorCQkJICogbnVtYmVyLCBkYXlsaWdodCBzYXZpbmcgdGltZSBpbmZvcm1hdGlv biwgbm9yCisJCQkgKiBhIHRpbWUgem9uZSwgYXR0ZW1wdCB0byBpbmZlciBpdC4gRHVlIHRvCisJ CQkgKiBjbG9jayBza2V3cywgdGhlIHRpbWVzdGFtcCBtYXkgZXZlbiBiZSBwYXJ0CisJCQkgKiBv ZiB0aGUgbmV4dCB5ZWFyLiBVc2UgdGhlIGxhc3QgeWVhciBmb3Igd2hpY2gKKwkJCSAqIHRoZSB0 aW1lc3RhbXAgaXMgYXQgbW9zdCBvbmUgd2VlayBpbiB0aGUKKwkJCSAqIGZ1dHVyZS4KKwkJCSAq CisJCQkgKiBUaGlzIGxvb3AgY2FuIG9ubHkgcnVuIGZvciBhdCBtb3N0IHRocmVlCisJCQkgKiBp dGVyYXRpb25zIGJlZm9yZSB0ZXJtaW5hdGluZy4KKwkJCSAqLworCQkJdF9ub3cgPSB0aW1lKE5V TEwpOworCQkJbG9jYWx0aW1lX3IoJnRfbm93LCAmdG1fbm93KTsKKwkJCWZvciAoeWVhciA9IHRt X25vdy50bV95ZWFyICsgMTs7IC0teWVhcikgeworCQkJCWFzc2VydCh5ZWFyID49IHRtX25vdy50 bV95ZWFyIC0gMSk7CisJCQkJdGltZXN0YW1wX3JlbW90ZS50bSA9IHRtX3BhcnNlZDsKKwkJCQl0 aW1lc3RhbXBfcmVtb3RlLnRtLnRtX3llYXIgPSB5ZWFyOworCQkJCXRpbWVzdGFtcF9yZW1vdGUu dG0udG1faXNkc3QgPSAtMTsKKwkJCQl0aW1lc3RhbXBfcmVtb3RlLnVzZWMgPSAwOworCQkJCWlm IChta3RpbWUoJnRpbWVzdGFtcF9yZW1vdGUudG0pIDwKKwkJCQkgICAgdF9ub3cgKyA3ICogMjQg KiA2MCAqIDYwKQorCQkJCQlicmVhazsKKwkJCX0KKwkJCXRpbWVzdGFtcCA9ICZ0aW1lc3RhbXBf cmVtb3RlOwogCQl9Ci0JCXRpbWVzdGFtcCA9ICZ0aW1lc3RhbXBfcmVtb3RlOwotCX0gZWxzZQot CQl0aW1lc3RhbXAgPSBOVUxMOworCX0KIAogCS8qCiAJICogQSBzaW5nbGUgc3BhY2UgY2hhcmFj dGVyIE1VU1QgYWxzbyBmb2xsb3cgdGhlIEhPU1ROQU1FIGZpZWxkLgo= --0000000000000b106f056f3fcd51--