View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008885 | CentOS-7 | logwatch | public | 2015-06-10 13:20 | 2015-06-10 13:20 |
| Reporter | quintinbjacklin | ||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | x64 | OS | centos | OS Version | 7.0 |
| Product Version | 7.0-1406 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0008885: Logwatch script for fail2ban doesn't detect any ban/unbans | ||||
| Description | It seems the log levels and format for fail2ban has changed slightly, and so the logwatch script no longer detects bans or unbans. | ||||
| Steps To Reproduce | 1. enable sshd jail in /etc/fail2ban/jail.conf 2. login to the server 5 times with an invalid user 3. verify the ban occurred by viewing /var/log/fail2ban.log 4. run: sudo logwatch --output stdout --debug Med --service fail2ban No output is produced to reflect the ban. | ||||
| Additional Information | The problem lies in the expected log format which the logwatch script is looking for. Affected package: logwatch-7.4.0-28.20130522svn140.el7.noarch Affected file: /usr/share/logwatch/scripts/services/fail2ban Affected line: 81 The affected line currently reads: } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { To fix, change this line to: } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { This includes: 1. the loglevel change to NOTICE 2. the extra + after the first \s to match all whitespace up until the jail name. | ||||
| Tags | No tags attached. | ||||
| abrt_hash | |||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-06-10 13:20 | quintinbjacklin | New Issue |
