Date:      Fri, 22 Jun 2018 21:11:06 +0200
From:      Ed Schouten <ed@nuxi.nl>
To:        Michael Grimm <trashcan@ellael.org>
Cc:        FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>,  Mailing List FreeBSD Ports <freebsd-ports@freebsd.org>, "ed@FreeBSD.org" <ed@freebsd.org>, theis@gmx.at,  Gleb Smirnoff <glebius@freebsd.org>
Subject:   Re: py-fail2ban turned silent after syslogd rollout (r335059, stable/11)
Message-ID:  <CABh_MKkdObTmbNXnKrudyHjkd8s3aukUUC=Vee%2BRShJepWpwNg@mail.gmail.com>
In-Reply-To: <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org>
References:  <590A1B87-464D-455C-A03D-9908EB7AF286@ellael.org> <20180622155922.GA61217@plan-b.pwste.edu.pl> <697FFEFE-6AFB-45CE-ADCD-4DB10286E68B@ellael.org>

Hi Marek,

[ +glebius ]

Thanks for reporting this!

2018-06-22 18:54 GMT+02:00 Michael Grimm <trashcan@ellael.org>:
>> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
>> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
>> changed state to down
>
> Ah, yes! Haven't thought about running syslogd in debugging mode:
>
>         Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]: INFO […]

This is interesting. As fail2ban uses Python's logging framework, I
managed to reproduce this with the following script:

#!/usr/bin/env python3
import logging.handlers
logging.basicConfig(handlers=[
    logging.handlers.SysLogHandler(
        '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
])
logging.warning('Hi')

This will write the following message to syslogd:

sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0)   = 21 (0x15)

This message gets rejected by syslogd, due to the change made in
r326573, which later got adjusted by me and subsequently MFCed:

https://svnweb.freebsd.org/base?view=revision&revision=326573

Gleb, what are your thoughts on the attached patch? It alters syslogd
to let the 'legacy' RFC 3164 parser also accept messages without a
timestamp. The time on the syslogd server will be used instead.

Michael, Marek, could you please give this patch a try? Thanks!

-- 
Ed Schouten <ed@nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
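
Added example (not part of the message above and not syslogd's code): a small Python model of the receiver-side behaviour under discussion, showing the timestamp-less datagram from the sendto() trace being dropped when a timestamp is required and accepted with the receiver's clock otherwise. The function name, the require_timestamp switch and the second sample datagram are assumptions made for illustration.

```python
import re
from datetime import datetime

PRI_RE = re.compile(rb"<(\d{1,3})>")
TS_LEN = 15  # RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", followed by one space


def parse_rfc3164(datagram, require_timestamp, now=None):
    """Model of a legacy syslog receiver; returns a dict, or None when dropped.

    require_timestamp=True models the rejecting behaviour described above,
    False models the proposed fallback to the receiver's own clock.
    """
    now = now or datetime.now()
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        return None  # no valid <PRI> header
    facility, severity = divmod(int(m.group(1)), 8)
    body = datagram[m.end():].rstrip(b"\0\n").decode("utf-8", "replace")

    stamp, source = None, "receiver"
    if len(body) > TS_LEN and body[TS_LEN] == " ":
        try:
            # The wire format has no year; borrow the receiver's year to parse.
            stamp = datetime.strptime(f"{now.year} {body[:TS_LEN]}",
                                      "%Y %b %d %H:%M:%S")
        except ValueError:
            stamp = None
    if stamp is not None:
        body, source = body[TS_LEN + 1:], "sender"
    elif require_timestamp:
        return None  # dropped, although the sender's sendto() succeeded
    else:
        stamp = now  # receiver's clock stands in for the missing field
    return {"facility": facility, "severity": severity,
            "time": stamp, "time_source": source, "message": body}


# Datagram from the sendto() trace above, and a constructed one with a timestamp.
NO_TS = b"<188>WARNING:root:Hi\0"
WITH_TS = b"<188>Jun 22 17:31:38 host app: Hi"  # constructed sample

if __name__ == "__main__":
    for raw in (NO_TS, WITH_TS):
        for strict in (True, False):
            print(raw, "strict" if strict else "lenient",
                  parse_rfc3164(raw, strict))
```

With require_timestamp=True the first datagram returns None while the sender sees no error, which is the silent logging gap reported in this thread.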

