BF: fail2ban-regex multiline regex matches no longer in missed lines

Closes #263
Closes #282
pull/300/head
Steven Hiscocks 2013-07-17 00:08:43 +01:00
parent c61ba9f0de
commit 05fac65a50
2 changed files with 26 additions and 3 deletions

View File

@ -161,7 +161,7 @@ class LineStats(object):
@property
def missed(self):
return self.tested - (self.ignored + self.matched)
return len(self.missed_lines)
# just for convenient str
def __getitem__(self, key):
@ -273,6 +273,8 @@ class Fail2banRegex(object):
return found
def testRegex(self, line):
orgLineBuffer = self._filter._Filter__lineBuffer
fullBuffer = len(orgLineBuffer) >= self._filter.getMaxLines()
try:
ret = self._filter.processLine(line, checkAllRegex=True)
for match in ret:
@ -288,8 +290,28 @@ class Fail2banRegex(object):
except IndexError:
print "Sorry, but no <host> found in regex"
return False
for bufLine in orgLineBuffer[int(fullBuffer):]:
if bufLine not in self._filter._Filter__lineBuffer:
if self.removeMissedLine(bufLine):
self._line_stats.matched += 1
return len(ret) > 0
def removeMissedLine(self, line):
"""Remove `line` from missed lines, by comparing without time match"""
for n, missed_line in \
enumerate(reversed(self._line_stats.missed_lines)):
timeMatch = self._filter.dateDetector.matchTime(
missed_line, incHits=False)
if timeMatch:
logLine = (missed_line[:timeMatch.start()] +
missed_line[timeMatch.end():])
else:
logLine = missed_line
if logLine.rstrip("\r\n") == line:
self._line_stats.missed_lines.pop(
len(self._line_stats.missed_lines) - n - 1)
return True
return False
def process(self, test_lines):

View File

@ -173,14 +173,15 @@ class DateDetector:
def getTemplates(self):
return self.__templates
def matchTime(self, line):
def matchTime(self, line, incHits=True):
self.__lock.acquire()
try:
for template in self.__templates:
match = template.matchDate(line)
if not match is None:
logSys.debug("Matched time template %s" % template.getName())
template.incHits()
if incHits:
template.incHits()
return match
return None
finally: