From owner-freebsd-stable@freebsd.org Fri Jun 22 20:48:45 2018 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C25731026E87; Fri, 22 Jun 2018 20:48:45 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4276D81299; Fri, 22 Jun 2018 20:48:44 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (zarychtam@localhost [127.0.0.1]) by plan-b.pwste.edu.pl (8.15.2/8.15.2) with ESMTPS id w5MKmg34065375 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 22 Jun 2018 22:48:42 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1529700522; bh=RiAVHBADVEFsiEMzOtwKxy1FREkJHhB1noQALE2M7lU=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=fqEj2BHCa4df3aP/sfTaTv8rx3I+LbWTnHsdNG41oqKu8TXH1U/DbcfVczHCLpOyk KLR6Uur5pwKAFLnXeZIDtrgIIgT0/tQabfCacRek3c+1Nq2xl0TQZb6AQJXRaroBch YMQnyJTThWsDNt8ZJk5Q88yIHSdWu1cpLuPlDNrKGOgDRgei/t0iy4VhZ0cB7C64gi mgjLAaAPtnywtMM55CHijTf4RNh5DPZTDdeJy3UfdUkZ+Tsh8frbCnlDntb2u2R+2t Ivn9DwaAiqRbBo8ttfqRpgfBrNHmI8mf1EFb5imG0cc75VZ7AsLNgmz+GBwDN3CG98 jqAYVUj2+FRiw== Received: (from zarychtam@localhost) by plan-b.pwste.edu.pl (8.15.2/8.15.2/Submit) id w5MKmftA065374; Fri, 22 Jun 2018 22:48:41 +0200 (CEST) (envelope-from zarychtam) Date: Fri, 22 Jun 2018 22:48:41 +0200 From: Marek Zarychta To: Ed Schouten Cc: Michael Grimm , "ed@FreeBSD.org" , theis@gmx.at, Gleb Smirnoff , FreeBSD-STABLE Mailing List , Mailing List FreeBSD Ports Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11) Message-ID: <20180622204841.GA65261@plan-b.pwste.edu.pl> References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.0 (2018-05-17) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Jun 2018 20:48:46 -0000 --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote: > Hi Marek, >=20 > [ +glebius ] >=20 > Thanks for reporting this! >=20 > 2018-06-22 18:54 GMT+02:00 Michael Grimm : > >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST: > >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, > >> changed state to down > > > > Ah, yes! Haven't thought about running syslogd in debugging mode: > > > > Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]= : INFO [=E2=80=A6] >=20 > This is interesting. As fail2ban uses Python's logging framework, I > managed to reproduce this with the following script: >=20 > #!/usr/bin/env python3 > import logging.handlers > logging.basicConfig(handlers=3D[ > logging.handlers.SysLogHandler( > '/var/run/log', facility=3Dlogging.handlers.SysLogHandler.LOG_LOC= AL7) > ]) > logging.warning('Hi') >=20 > This will write the following message to syslogd: >=20 > sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0) =3D 21 (0x15) >=20 > This message gets rejected by syslogd, due to the change made in > r326573, which later got adjusted by me and subsequently MFCed: >=20 > https://svnweb.freebsd.org/base?view=3Drevision&revision=3D326573 >=20 > Gleb, what are your thoughts on the attached patch? It alters syslogd > to let the 'legacy' RFC 3164 parser also accept messages without a > timestamp. The time on the syslogd server will be used instead. >=20 > Michael, Marek, could you please give this patch a try? Thanks! >=20 Hi Ed, Thank you for expedited effort. Patch compiles fine and I can confirm, that it resolves the issue. --=20 Marek Zarychta --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlstYKYACgkQdZ/s//1S jSyQSAf9EztYw09oXL1mifsFNQ+Zn909WsKbsP180+wGeilkmfDUhO2q9AeWr2ut cyNErFRUpQBIpAMwSONytP5Hv/FXliPX6QnGes/3/6TjvPvjK+v7ZxQo94+HUOnH sXZq857cN3D91riUcKXsijTxlcTrWCWtdxYiJXueQ41AQHI6fDdNM04scAPjo9X/ TMpppR7KL8hIvag22kXVM4flZZGx2m9Upf1QtiVHUjvmXNr7pYgvh1Wz69uTkjNJ OJh8QAXxA8ekVoC/J7ukwJmecFaHXq8UmUWTnyHwo+1JNyYPmD6pZhRIXbtLVYUP 1LliXczjGBdchXnjYiiD5Ux7NWWJsg== =YKxF -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--