Date: Fri, 22 Jun 2018 22:48:41 +0200 From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> To: Ed Schouten <ed@nuxi.nl> Cc: Michael Grimm <trashcan@ellael.org>, "ed@FreeBSD.org" <ed@freebsd.org>, theis@gmx.at, Gleb Smirnoff <glebius@freebsd.org>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Mailing List FreeBSD Ports <freebsd-ports@freebsd.org> Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) Message-ID: <20180622204841.GA65261@plan-b.pwste.edu.pl> In-Reply-To: <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote:
> Hi Marek,
>=20
> [ +glebius ]
>=20
> Thanks for reporting this!
>=20
> 2018-06-22 18:54 GMT+02:00 Michael Grimm <trashcan@ellael.org>:
> >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
> >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
> >> changed state to down
> >
> > Ah, yes! Haven't thought about running syslogd in debugging mode:
> >
> > Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]=
: INFO [=E2=80=A6]
>=20
> This is interesting. As fail2ban uses Python's logging framework, I
> managed to reproduce this with the following script:
>=20
> #!/usr/bin/env python3
> import logging.handlers
> logging.basicConfig(handlers=3D[
> logging.handlers.SysLogHandler(
> '/var/run/log', facility=3Dlogging.handlers.SysLogHandler.LOG_LOC=
AL7)
> ])
> logging.warning('Hi')
>=20
> This will write the following message to syslogd:
>=20
> sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0) =3D 21 (0x15)
>=20
> This message gets rejected by syslogd, due to the change made in
> r326573, which later got adjusted by me and subsequently MFCed:
>=20
> https://svnweb.freebsd.org/base?view=3Drevision&revision=3D326573
>=20
> Gleb, what are your thoughts on the attached patch? It alters syslogd
> to let the 'legacy' RFC 3164 parser also accept messages without a
> timestamp. The time on the syslogd server will be used instead.
>=20
> Michael, Marek, could you please give this patch a try? Thanks!
>=20
Hi Ed,
Thank you for expedited effort.
Patch compiles fine and I can confirm, that it resolves the issue.
--=20
Marek Zarychta
--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlstYKYACgkQdZ/s//1S
jSyQSAf9EztYw09oXL1mifsFNQ+Zn909WsKbsP180+wGeilkmfDUhO2q9AeWr2ut
cyNErFRUpQBIpAMwSONytP5Hv/FXliPX6QnGes/3/6TjvPvjK+v7ZxQo94+HUOnH
sXZq857cN3D91riUcKXsijTxlcTrWCWtdxYiJXueQ41AQHI6fDdNM04scAPjo9X/
TMpppR7KL8hIvag22kXVM4flZZGx2m9Upf1QtiVHUjvmXNr7pYgvh1Wz69uTkjNJ
OJh8QAXxA8ekVoC/J7ukwJmecFaHXq8UmUWTnyHwo+1JNyYPmD6pZhRIXbtLVYUP
1LliXczjGBdchXnjYiiD5Ux7NWWJsg==
=YKxF
-----END PGP SIGNATURE-----
--CE+1k2dSO48ffgeK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180622204841.GA65261>