Merge branch 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban

* 'bf/syslog-format' of https://github.com/yarikoptic/fail2ban: Changelog entries for the last changes ENH: added optional [PID] matching in recidive.conf ENH: reintroducing levelnameinto syslog msgs, time stamp and indentation in non-syslog msgs BF/ENH: include [PID] into logging msgs, remove indentation from syslog messages Conflicts: ChangeLog
2013-11-29 19:58:56 -05:00 · 2013-11-29 19:58:56 -05:00 · 3a5983ab0b
parent 982d5abbef 085ebbe1de
commit 3a5983ab0b
4 changed files with 9 additions and 5 deletions
--- a/3
+++ b/3
@ -24,6 +24,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
 - Enhancements:
  - long names on jails documented based on iptables limit of 30 less
    len("fail2ban-").
+  - remove indentation of name and loglevel while logging to SYSLOG to
+    resolve syslog(-ng) parsing problems. Closes Debian bug #730202.

 - New Features:

@ -31,6 +33,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
   * filter.d/solid-pop3d -- added thanks to Jacques Lav!gnotte on mailinglist.

 - Enhancements:
+  - loglines now also report "[PID]" after the name portion


 ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes
--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@ -27,6 +27,6 @@ _daemon = fail2ban\.actions
 # jail using this filter 'recidive', or change this line!
 _jailname = recidive

-failregex = ^(%(__prefix_line)s|,\d{3} fail2ban.actions:\s+)WARNING\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^(%(__prefix_line)s|,\d{3} fail2ban.actions%(__pid_re)s?:\s+)WARNING\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$

 # Author: Tom Hendrikx, modifications by Amir Caspi 
--- a/server/server.py
+++ b/server/server.py
@ -347,13 +347,12 @@ class Server:
 		try:
 			self.__loggingLock.acquire()
 			# set a format which is simpler for console use
-			formatter = logging.Formatter("%(asctime)s %(name)-16s: %(levelname)-6s %(message)s")
+			formatter = logging.Formatter("%(asctime)s %(name)-16s[%(process)d]: %(levelname)-7s %(message)s")
 			if target == "SYSLOG":
 				# Syslog daemons already add date to the message.
-				formatter = logging.Formatter("%(name)-16s: %(levelname)-6s %(message)s")
+				formatter = logging.Formatter("%(name)s[%(process)d]: %(levelname)s %(message)s")
 				facility = logging.handlers.SysLogHandler.LOG_DAEMON
-				hdlr = logging.handlers.SysLogHandler("/dev/log", 
-													  facility = facility)
+				hdlr = logging.handlers.SysLogHandler("/dev/log", facility=facility)
 			elif target == "STDOUT":
 				hdlr = logging.StreamHandler(sys.stdout)
 			elif target == "STDERR":
--- a/testcases/files/logs/recidive
+++ b/testcases/files/logs/recidive
@ -1,5 +1,7 @@
 # failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4" }
 2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban 1.2.3.4
+# failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4", "desc": "Extended with [PID]" }
+2006-02-13 15:52:30,388 fail2ban.actions[123]: WARNING [sendmail] Ban 1.2.3.4
 # failJSON: { "match": false }
 2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban 1.2.3.4
 # failJSON: { "match": false }