Date: Fri, 22 Jun 2018 17:59:22 +0200
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: freebsd-stable@freebsd.org
Subject: Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11)
Message-ID: <20180622155922.GA61217@plan-b.pwste.edu.pl>
In-Reply-To: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org>
References: <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org>

On Fri, Jun 22, 2018 at 03:12:05PM +0200, Michael Grimm wrote:
> Hi,
>
> this is 11.2-STABLE (r335532), and I am referring to the recent MFC of syslogd modifications [1].
>
> Because I cannot judge whether fail2ban lacks support for the renewed syslogd or syslogd has an issue in receiving fail2ban messages I do crosspost this mail to ports and stable.
>
> I do have fail2ban configured to report to SYSLOG:
>
> logtarget = SYSLOG
> syslogsocket = auto
>
> But now, after upgrading to the new syslogd fail2ban refuses to report to syslogd; no single message gets recorded [2].
>
> I did try to modify the syslogsocket setting to /var/run/log without success. Pointing logtarget to a regular file tells me that fail2ban is running as expected, it only lacks reporting to SYSLOG.
>
> #) Does anyone else have py-fail2ban running at >= r335059 and can confirm my observations?
> #) Any ideas how to debug this issue?
>
> Thank you in advance and regards,
> Michael
>
>
> [1] https://svnweb.freebsd.org/base/stable/11/usr.sbin/syslogd/Makefile?revision=335059&view=markup&sortby=file
> [2] both syslogd and fail2ban are running at the host, thus another issue with syslogd fixed in
> https://svnweb.freebsd.org/base?view=revision&sortby=file&revision=335314 does not apply
>

This is probably connected with the lack of handling of non-RFC compliant
timestamps.
My syslog server also suffers from this issue. It stopped logging messages from old Cisco equipment and some newer Netgear switches. Running it in debug mode gives some clue:

Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17, changed state to down

Could you please give any advice or workaround for this issue?

-- 
Marek Zarychta
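Added example, not part of the original message and not syslogd's own code: a strict checker that classifies a syslog datagram the way the debug output above suggests, assuming a parser that accepts a TIMESTAMP only directly after PRI, in RFC 3164 or RFC 5424 form. The names `classify` and `SAMPLES`, the PRI values, the host names and the fail2ban-style line are constructed for illustration.

```python
import re

PRI = re.compile(r"<(\d{1,3})>")
# RFC 3164 TIMESTAMP "Mmm dd hh:mm:ss" (day space-padded), then a space.
TS_3164 = re.compile(r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
                     r" ([ 1-3]\d) (\d\d):(\d\d):(\d\d) ")
# RFC 5424: VERSION "1", then "-" (NILVALUE) or an ISO 8601 timestamp.
TS_5424 = re.compile(r"1 (?:-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?"
                     r"(?:Z|[+-]\d\d:\d\d)) ")


def _valid_3164(m):
    day, hh, mi, ss = (int(g) for g in m.groups())
    return 1 <= day <= 31 and hh < 24 and mi < 60 and ss < 60


def classify(payload):
    """Classify one syslog datagram: 'rfc3164', 'rfc5424' or 'reject: <why>'."""
    pri = PRI.match(payload)
    if not pri or int(pri.group(1)) > 191:   # facility*8 + severity <= 191
        return "reject: missing or invalid PRI"
    rest = payload[pri.end():]
    if TS_5424.match(rest):
        return "rfc5424"
    m = TS_3164.match(rest)                  # must start right after PRI
    if m and _valid_3164(m):
        return "rfc3164"
    late = TS_3164.search(rest)              # timestamp present, wrong place?
    if late and late.start() > 0 and _valid_3164(late):
        return f"reject: TIMESTAMP at offset {late.start()}, not directly after PRI"
    return "reject: no RFC 3164 or RFC 5424 TIMESTAMP"


# Constructed samples. The PRI values, hosts and the fail2ban-style line are
# made up; the Cisco text is the message quoted in the debug output above.
SAMPLES = [
    "<189>12403: Jun 22 17:31:38 CEST: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface FastEthernet0/17, changed state to down",
    "<38>Jun 22 17:31:38 host sshd[411]: constructed RFC 3164 message",
    "<38>1 2018-06-22T17:31:38+02:00 host app 411 - - constructed RFC 5424 message",
    "<30>fail2ban.actions: constructed message with no timestamp at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):60} {s[:50]}")
```

Run over a capture of incoming datagrams, the reject lines show which senders would stop appearing in the logs under strict timestamp parsing.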