Date: Fri, 22 Jun 2018 22:48:41 +0200
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: Ed Schouten <ed@nuxi.nl>
Cc: Michael Grimm <trashcan@ellael.org>, "ed@FreeBSD.org" <ed@freebsd.org>, theis@gmx.at, Gleb Smirnoff <glebius@freebsd.org>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Mailing List FreeBSD Ports <freebsd-ports@freebsd.org>
Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11)
Message-ID: <20180622204841.GA65261@plan-b.pwste.edu.pl>
In-Reply-To: <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com>
References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com>

On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote:
> Hi Marek,
>
> [ +glebius ]
>
> Thanks for reporting this!
>
> 2018-06-22 18:54 GMT+02:00 Michael Grimm <trashcan@ellael.org>:
> >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
> >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
> >> changed state to down
> >
> > Ah, yes! Haven't thought about running syslogd in debugging mode:
> >
> > Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: INFO […]
>
> This is interesting. As fail2ban uses Python's logging framework, I
> managed to reproduce this with the following script:
>
> #!/usr/bin/env python3
> import logging.handlers
> logging.basicConfig(handlers=[
>     logging.handlers.SysLogHandler(
>         '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
> ])
> logging.warning('Hi')
>
> This will write the following message to syslogd:
>
> sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0) = 21 (0x15)
>
> This message gets rejected by syslogd, due to the change made in
> r326573, which later got adjusted by me and subsequently MFCed:
>
> https://svnweb.freebsd.org/base?view=revision&revision=326573
>
> Gleb, what are your thoughts on the attached patch? It alters syslogd
> to let the 'legacy' RFC 3164 parser also accept messages without a
> timestamp. The time on the syslogd server will be used instead.
>
> Michael, Marek, could you please give this patch a try? Thanks!
>
Hi Ed,
Thank you for the expedited effort.
The patch compiles fine and I can confirm that it resolves the issue.
--
Marek Zarychta
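
The datagram from the quoted sendto line, checked as an added example (not part of the original thread and not syslogd's code): it decodes the PRI value and tests whether the traditional RFC 3164 `Mmm dd hh:mm:ss` timestamp follows it. The function names and the second sample message are constructed for illustration, and the regex approximates the timestamp layout rather than reproducing syslogd's parser.

```python
import re

# Severity and facility names by RFC 3164 number (facility subset only).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 23: "local7"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day of month space-padded to two columns.
TS_RE = re.compile(
    rb"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    rb"[ 1-3]\d \d{2}:\d{2}:\d{2} "
)

def classify(datagram: bytes) -> dict:
    """Decode PRI and report whether an RFC 3164 timestamp follows it."""
    payload = datagram.rstrip(b"\0")  # Python's SysLogHandler appends a NUL
    m = PRI_RE.match(payload)
    if m is None or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return {"valid_pri": False, "has_timestamp": False}
    pri = int(m.group(1))
    rest = payload[m.end():]
    return {
        "valid_pri": True,
        "facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
        "severity": SEVERITIES[pri & 7],
        "has_timestamp": TS_RE.match(rest) is not None,
        "message": rest.decode("utf-8", "replace"),
    }

# Constructed samples: the first is the datagram shown in the sendto line,
# the second is a made-up message in the traditional timestamped format.
SAMPLES = [
    b"<188>WARNING:root:Hi\0",
    b"<188>Jun 22 17:31:38 host fail2ban.filter[79598]: INFO example",
]

def timestampless(samples):
    """Return messages that a strict RFC 3164 timestamp check would refuse."""
    return [r["message"] for r in map(classify, samples)
            if r["valid_pri"] and not r["has_timestamp"]]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
    print("no timestamp:", timestampless(SAMPLES))
```

Running a check like this over captured datagrams from each log sender shows which ones depend on the receiver supplying the time, which is the case the patch discussed in this thread makes syslogd accept again.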