From 30d1f003e1c5f5f038f0887c1f6afcce0d7cd060 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Sat, 28 Sep 2013 20:56:48 +1000
Subject: [PATCH] BF: add multiline support
---
 fail2ban/server/filter.py | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index 68b27b32..41eb7505 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@@ -74,6 +74,7 @@ class Filter(JailThread):
 self.__lineBuffer = []
 ## Store last time stamp, applicable for multi-line
 self.__lastTimeLine = ""
+ self.__lastDate = None
 self.dateDetector = DateDetector()
 self.dateDetector.addDefaultTemplate()
@@ -402,19 +403,28 @@ class Filter(JailThread):
 # The ignoreregex matched. Return.
 logSys.log(7, "Matched ignoreregex and was \"%s\" ignored", logLine)
 return failList
- dd = self.dateDetector.getTime(logLine)
-
- if dd is None:
- return failList
- date = dd[0]
- timeMatch = dd[1]
- if timeMatch:
+
+ dateTimeMatch = self.dateDetector.getTime(logLine)
+
+ if dateTimeMatch is not None:
 # Lets split into time part and log part of the line
+ date = dateTimeMatch[0]
+ timeMatch = dateTimeMatch[1]
+ timeLine = timeMatch.group()
+ self.__lastTimeLine = timeLine
+ self.__lastDate = date
 # Lets leave the beginning in as well, so if there is no
 # anchore at the beginning of the time regexp, we don't
 # at least allow injection. Should be harmless otherwise
 logLine = logLine[:timeMatch.start()] + logLine[timeMatch.end():]
+ else:
+ timeLine = self.__lastTimeLine or logLine
+ date = self.__lastDate
+
+ self.__lineBuffer = (self.__lineBuffer + [logLine])[-self.__lineBufferSize:]
+
+ logLine = "\n".join(self.__lineBuffer) + "\n"
 # Iterates over all the regular expressions.
 for failRegexIndex, failRegex in enumerate(self.__failRegex):
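Review bot: In the new `else:` branch of the second hunk, `date = self.__lastDate` is still `None` until a timestamped line has been seen (the first hunk initialises it to `None`), yet the line is now buffered and run through the failregex loop instead of being dropped as the removed `if dd is None: return failList` did. A match on such a line would carry a `None` date into the code below the hunk, which presumably compares it with times; I would keep the early exit for that case with `if date is None: return failList` directly after the assignment. The dated branch also calls `timeMatch.group()` without the `if timeMatch:` guard the old code had, so it relies on `getTime()` never returning a date without a match object. A short comment on the `else:` stating that undated lines inherit the previous line's timestamp would help anyone writing a failregex for logs that contain user-controlled text. The method body begins and ends outside this hunk.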