View Issue Details

ID: 0008885
Project: CentOS-7
Category: logwatch
View Status: public
Last Update: 2015-06-10 13:20
Status: new
Resolution: open
Platform: x64
OS: centos
OS Version: 7.0
Product Version: 7.0-1406
Target Version:
Fixed in Version:
Summary: 0008885: Logwatch script for fail2ban doesn't detect any ban/unbans
Description:
It seems the log levels and format for fail2ban have changed slightly, and so the logwatch script no longer detects bans or unbans.

Steps To Reproduce:
1. enable sshd jail in /etc/fail2ban/jail.conf
2. login to the server 5 times with an invalid user
3. verify the ban occurred by viewing /var/log/fail2ban.log
4. run: sudo logwatch --output stdout --debug Med --service fail2ban

No output is produced to reflect the ban.
Additional Information:
The problem lies in the expected log format which the logwatch script is looking for.

Affected package: logwatch-7.4.0-28.20130522svn140.el7.noarch
Affected file: /usr/share/logwatch/scripts/services/fail2ban
Affected line: 81

The affected line currently reads:
} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

To fix, change this line to:
} elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {

This includes:
1. the loglevel change to NOTICE
2. the extra + after the first \s to match all whitespace up until the jail name.

Tags: No tags attached.


There are no notes attached to this issue.
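
The two patterns quoted in the report, run against sample log lines, as an added example that is not part of the original report or of logwatch. The log lines are constructed, and the third pattern, which accepts either level, is a hypothetical variant that the report does not propose.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns 1 and 2 are copied from the report (line 81 as shipped, and the
# proposed fix). Pattern 3 is a hypothetical variant, not from the report,
# that accepts either log level so both formats keep being counted.
my @patterns = (
    [ 'shipped'  => qr/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/ ],
    [ 'proposed' => qr/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/ ],
    [ 'either'   => qr/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/ ],
);

# Constructed sample lines (documentation addresses), not from a real log.
# The first has the shape the shipped pattern expects; the rest use the
# NOTICE level and extra whitespace the report describes.
my @lines = (
    '2015-06-10 13:00:01,100 fail2ban.actions: WARNING [sshd] Ban 192.0.2.10',
    '2015-06-10 13:05:01,234 fail2ban.actions[1234]: NOTICE  [sshd] Ban 192.0.2.20',
    '2015-06-10 13:15:01,456 fail2ban.actions[1234]: NOTICE  [sshd] Unban 192.0.2.20',
    '2015-06-10 13:04:59,100 fail2ban.filter[1234]: INFO    [sshd] Found 192.0.2.20',
);

# Return a hash ref of "jail action host" => count for lines the pattern matches.
sub tally {
    my ($re, @log) = @_;
    my %seen;
    for my $ThisLine (@log) {
        if ( my ($Service, $Action, $Host) = ($ThisLine =~ $re) ) {
            $seen{"$Service $Action $Host"}++;
        }
    }
    return \%seen;
}

# Show, per pattern, how many sample lines would reach the logwatch summary.
for my $p (@patterns) {
    my ($name, $re) = @$p;
    my $seen  = tally($re, @lines);
    my $total = 0;
    $total += $_ for values %$seen;
    printf "%-8s pattern: %d of %d lines counted\n", $name, $total, scalar @lines;
    print  "    $_\n" for sort keys %$seen;
}
```

The proposed pattern no longer matches WARNING-level lines, which matters if log entries written before the fail2ban format change are still inside the reporting window.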

Issue History

Date Modified Username Field Change
2015-06-10 13:20 quintinbjacklin New Issue