Package: fail2ban
Version: 0.8.6-3wheezy2
Severity: minor

I configured fail2ban to log to syslog and would get events like these:

2013-11-21T04:24:01.077+00:00 pawan fail2ban.filter : INFO   Log rotation detected for /var/log/syslog-ng.log
2013-11-21T15:12:29.713+00:00 pawan fail2ban.jail   : INFO   Jail 'apache' stopped
2013-11-21T15:12:29.715+00:00 pawan fail2ban.server : INFO   Changed logging target to SYSLOG for Fail2ban v0.8.6
2013-11-21T15:12:29.715+00:00 pawan fail2ban.jail   : INFO   Creating new jail 'apache'
2013-11-21T15:12:29.716+00:00 pawan fail2ban.jail   : INFO   Jail 'apache' uses poller
2013-11-21T15:12:29.724+00:00 pawan fail2ban.filter : INFO   Added logfile = /var/log/syslog-ng.log
2013-11-21T15:12:29.725+00:00 pawan fail2ban.filter : INFO   Set maxRetry = 1
2013-11-21T15:12:29.726+00:00 pawan fail2ban.filter : INFO   Set findtime = 2592000
2013-11-21T15:12:29.727+00:00 pawan fail2ban.actions: INFO   Set banTime = -1

Gergely tells me in Bug#725668 that syslog(-ng) will split the ident 
from message on space, so rather than ident being "fail2ban.filter " it 
will be "fail2ban.filter" and the message becomes " : INFO ...." instead
of the expected "INFO ...".  This causes problems for syslog-ng, which has
filtering and flexible logging capabilities.

The level, "INFO", btw, should not be encoded in the message string, but
leave that for syslog to record in whatever way it is configured.

It looks like the action is here:

server/server.py:
def setLogTarget(self, target):
....
                        if target == "SYSLOG":
                                # Syslog daemons already add date to the message.
                                formatter = logging.Formatter("%(name)-16s: %(levelname)-6s %(message)s")
                                facility = logging.handlers.SysLogHandler.LOG_DAEMON
                                hdlr = logging.handlers.SysLogHandler("/dev/log",
                                                                      facility = facility)

where the proposed formatting line should be:

                                formatter = logging.Formatter("%(name)s: %(message)s")

Not sure if there is anything else to do to pass the correct logging level to 
syslog.

-- System Information:
Debian Release: 7.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages fail2ban depends on:
ii  lsb-base        4.1+Debian8+deb7u1
ii  python          2.7.3-4+deb7u1
ii  python-central  0.6.17

Versions of packages fail2ban recommends:
ii  iptables      1.4.14-3.1
pn  python-gamin  <none>
ii  whois         5.0.23

Versions of packages fail2ban suggests:
ii  mailutils [mailx]  1:2.99.97-3

-- Configuration Files:
/etc/fail2ban/fail2ban.conf changed [not included]
/etc/fail2ban/filter.d/apache-common.conf changed [not included]
/etc/fail2ban/filter.d/postfix.conf changed [not included]
/etc/fail2ban/jail.conf changed [not included]

-- no debconf information
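
Added example, not part of the original report or of fail2ban's code: it renders one record with the format string quoted above and with the proposed one, splits the result the way the report describes, and computes the priority value that Python's standard SysLogHandler puts in front of every message from the record's level. split_ident() is a simplified model of the daemon's parsing and is an assumption, as are the helper names.

```python
import logging
from logging.handlers import SysLogHandler

OLD_FMT = "%(name)-16s: %(levelname)-6s %(message)s"  # format quoted in the report
NEW_FMT = "%(name)s: %(message)s"                     # format proposed in the report


def render(fmt, name, level, msg):
    """Format one record the way the handler's Formatter would."""
    record = logging.LogRecord(name, level, "server.py", 0, msg, None, None)
    return logging.Formatter(fmt).format(record)


def split_ident(payload):
    """Simplified model (assumption) of the daemon's parsing: the ident ends
    at the first space, and a trailing ':' is not part of it."""
    ident, _, message = payload.partition(" ")
    return ident.rstrip(":"), message


def syslog_pri(level, facility=SysLogHandler.LOG_DAEMON):
    """PRI value SysLogHandler sends: facility * 8 + severity, where the
    severity is looked up from the Python level name."""
    severity_name = SysLogHandler.priority_map[logging.getLevelName(level)]
    return (facility << 3) | SysLogHandler.priority_names[severity_name]


if __name__ == "__main__":
    # Constructed sample record, modelled on the log lines in the report.
    for fmt in (OLD_FMT, NEW_FMT):
        payload = render(fmt, "fail2ban.filter", logging.INFO, "Set maxRetry = 1")
        ident, message = split_ident(payload)
        print("ident=%r message=%r pri=%d" % (ident, message, syslog_pri(logging.INFO)))
```

With the old format the padding and level name end up in the message part; with the proposed format the message is clean and the level is still carried in the priority value, where a syslog-ng filter can match on it.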

