From 12259bb3c7aac2e33b9cc8f601c0e556b5401bd5 Mon Sep 17 00:00:00 2001 From: Georges Racinet Date: Fri, 9 Jun 2017 20:39:03 +0200 Subject: [PATCH] man and ChangeLog for logtimezone --- ChangeLog | 2 +- man/jail.conf.5 | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cd4776ee..7c99da91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -98,7 +98,7 @@ TODO: implementing of options resp. other tasks from PR #1346 e. g. by unban all, reload with removing action, stop, shutdown the system (gh-1743), the actions having `actionflush` do not execute `actionunban` for each single ticket * add new command `actionflush` default for several iptables/iptables-ipset actions (and common include); - +* add new jail option `logtimezone` to force the timezone on log lines that don't have an explicit one (gh-1773) ver. 0.10.0-alpha-1 (2016/07/14) - ipv6-support-etc ----------- diff --git a/man/jail.conf.5 b/man/jail.conf.5 index 5a75369c..a43346e1 100644 --- a/man/jail.conf.5 +++ b/man/jail.conf.5 @@ -177,6 +177,25 @@ Ensure syslog or the program that generates the log file isn't configured to com .TP .B logencoding encoding of log files used for decoding. Default value of "auto" uses current system locale. +.TP +.B logtimezone +Force the time zone for log lines that don't have one. + +If this option is not specified, log lines from which no explicit time zone has been found are interpreted by fail2ban in its own system time zone, and that may turn to be inappropriate. While the best practice is to configure the monitored applications to include explicit offsets, this option is meant to handle cases where that is not possible. + +The supported time zones in this option are those with fixed offset: Z, UTC[+-]hhmm (you can also use GMT as an alias to UTC). + +This option has no effect on log lines on which an explicit time zone has been found. +Examples: + +.RS +.nf + logtimezone = UTC + logtimezone = UTC+0200 + logtimezone = GMT-0100 +.fi +.RE + .TP .B banaction banning action (default iptables-multiport) typically specified in the \fI[DEFAULT]\fR section for all jails.