diff --git a/fail2ban/__init__.py b/fail2ban/__init__.py index cd92dbab..0f0fc3ec 100644 --- a/fail2ban/__init__.py +++ b/fail2ban/__init__.py @@ -26,8 +26,11 @@ __license__ = "GPL" import logging.handlers -# Custom debug level +# Custom debug levels +logging.TRACEDEBUG = 7 logging.HEAVYDEBUG = 5 +logging.addLevelName(logging.TRACEDEBUG, 'TRACE') +logging.addLevelName(logging.HEAVYDEBUG, 'HEAVY') """ Below derived from: diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py index 8e1b0e5c..c81d585e 100644 --- a/fail2ban/client/fail2banreader.py +++ b/fail2ban/client/fail2banreader.py @@ -25,7 +25,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier" __license__ = "GPL" from .configreader import ConfigReader -from ..helpers import getLogger +from ..helpers import getLogger, str2LogLevel # Gets the instance of the logger. logSys = getLogger(__name__) @@ -58,6 +58,8 @@ class Fail2banReader(ConfigReader): self.__opts = ConfigReader.getOptions(self, "Definition", opts) if updateMainOpt: self.__opts.update(updateMainOpt) + # check given log-level: + str2LogLevel(self.__opts.get('loglevel', 0)) def convert(self): # Ensure logtarget/level set first so any db errors are captured diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py index 2738f5e6..bbed61cf 100644 --- a/fail2ban/helpers.py +++ b/fail2ban/helpers.py @@ -129,6 +129,16 @@ def getLogger(name): name = "fail2ban.%s" % name.rpartition(".")[-1] return logging.getLogger(name) +def str2LogLevel(value): + try: + if isinstance(value, int) or value.isdigit(): + ll = int(value) + else: + ll = getattr(logging, value) + except AttributeError: + raise ValueError("Invalid log level %r" % value) + return ll + def excepthook(exctype, value, traceback): """Except hook used to log unhandled exceptions to Fail2Ban log diff --git a/fail2ban/protocol.py b/fail2ban/protocol.py index 879183e5..d1c33d88 100644 --- a/fail2ban/protocol.py +++ b/fail2ban/protocol.py @@ -61,7 +61,8 @@ protocol = [ ["help", "return this output"], ["version", "return the server version"], ['', "LOGGING", ""], -["set loglevel ", "sets logging level to . Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG"], +["set loglevel ", "sets logging level to . Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, " + "DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5)"], ["get loglevel", "gets the logging level"], ["set logtarget ", "sets logging target to . Can be STDOUT, STDERR, SYSLOG or a file"], ["get logtarget", "gets logging target"], diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py index abf16e1b..59310bed 100644 --- a/fail2ban/server/filterpoll.py +++ b/fail2ban/server/filterpoll.py @@ -137,10 +137,10 @@ class FilterPoll(FileFilter): logStats = os.stat(filename) stats = logStats.st_mtime, logStats.st_ino, logStats.st_size pstats = self.__prevStats.get(filename, (0)) - if logSys.getEffectiveLevel() <= 7: + if logSys.getEffectiveLevel() <= 5: # we do not want to waste time on strftime etc if not necessary dt = logStats.st_mtime - pstats[0] - logSys.log(7, "Checking %s for being modified. Previous/current stats: %s / %s. dt: %s", + logSys.log(5, "Checking %s for being modified. Previous/current stats: %s / %s. dt: %s", filename, pstats, stats, dt) # os.system("stat %s | grep Modify" % filename) self.__file404Cnt[filename] = 0 diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py index 56d6ef83..73c82099 100644 --- a/fail2ban/server/filterpyinotify.py +++ b/fail2ban/server/filterpyinotify.py @@ -76,7 +76,7 @@ class FilterPyinotify(FileFilter): logSys.debug("Created FilterPyinotify") def callback(self, event, origin=''): - logSys.debug("%sCallback for Event: %s", origin, event) + logSys.log(7, "[%s] %sCallback for Event: %s", self.jailName, origin, event) path = event.pathname if event.mask & ( pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO ): # skip directories altogether diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py index 310d15b3..0d720a5e 100644 --- a/fail2ban/server/filtersystemd.py +++ b/fail2ban/server/filtersystemd.py @@ -218,7 +218,7 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover date = logentry.get('_SOURCE_REALTIME_TIMESTAMP', logentry.get('__REALTIME_TIMESTAMP')) - logSys.debug("[%s] Read systemd journal entry: %s %s", self.jailName, + logSys.log(5, "[%s] Read systemd journal entry: %s %s", self.jailName, date.isoformat(), logline) ## use the same type for 1st argument: return ((logline[:0], date.isoformat(), logline), diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py index a21b1fce..2ae96e15 100644 --- a/fail2ban/server/server.py +++ b/fail2ban/server/server.py @@ -38,7 +38,7 @@ from .filter import FileFilter, JournalFilter from .transmitter import Transmitter from .asyncserver import AsyncServer, AsyncServerException from .. import version -from ..helpers import getLogger, excepthook +from ..helpers import getLogger, str2LogLevel, excepthook # Gets the instance of the logger. logSys = getLogger(__name__) @@ -510,14 +510,11 @@ class Server: with self.__loggingLock: if self.__logLevel == value: return - try: - ll = getattr(logging, value) - # don't change real log-level if running from the test cases: - getLogger("fail2ban").setLevel( - ll if DEF_LOGTARGET != "INHERITED" or ll < logging.DEBUG else DEF_LOGLEVEL) - self.__logLevel = value - except AttributeError: - raise ValueError("Invalid log level %r" % value) + ll = str2LogLevel(value) + # don't change real log-level if running from the test cases: + getLogger("fail2ban").setLevel( + ll if DEF_LOGTARGET != "INHERITED" or ll < logging.DEBUG else DEF_LOGLEVEL) + self.__logLevel = value ## # Get the logging level. diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index d044da4b..ebc39d9b 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -842,6 +842,8 @@ class TransmitterLogging(TransmitterBase): def testLogLevel(self): self.setGetTest("loglevel", "HEAVYDEBUG") + self.setGetTest("loglevel", "TRACEDEBUG") + self.setGetTest("loglevel", "9") self.setGetTest("loglevel", "DEBUG") self.setGetTest("loglevel", "INFO") self.setGetTest("loglevel", "NOTICE") diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1 index 33bce652..281d8f5b 100644 --- a/man/fail2ban-client.1 +++ b/man/fail2ban-client.1 @@ -120,7 +120,9 @@ LOGGING \fBset loglevel \fR sets logging level to . Levels: CRITICAL, ERROR, WARNING, -NOTICE, INFO, DEBUG +NOTICE, INFO, DEBUG, TRACEDEBUG, +HEAVYDEBUG or corresponding +numeric value (50\-5) .TP \fBget loglevel\fR gets the logging level diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1 index 342d18f7..44e13c86 100644 --- a/man/fail2ban-regex.1 +++ b/man/fail2ban-regex.1 @@ -51,6 +51,11 @@ File encoding. Default: system locale \fB\-r\fR, \fB\-\-raw\fR Raw hosts, don't resolve dns .TP +\fB\-\-usedns\fR=\fI\,USEDNS\/\fR +DNS specified replacement of tags in regexp +('yes' \- matches all form of hosts, 'no' \- IP +addresses only) +.TP \fB\-L\fR MAXLINES, \fB\-\-maxlines\fR=\fI\,MAXLINES\/\fR maxlines for multi\-line regex .TP diff --git a/man/jail.conf.5 b/man/jail.conf.5 index 865c689e..51a00cdc 100644 --- a/man/jail.conf.5 +++ b/man/jail.conf.5 @@ -127,7 +127,7 @@ These files have one section, [Definition]. The items that can be set are: .TP .B loglevel -verbosity level of log output: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG. Default: ERROR +verbosity level of log output: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG, TRACEDEBUG, HEAVYDEBUG or corresponding numeric value (50-5). Default: ERROR (equal 40) .TP .B logtarget log target: filename, SYSLOG, STDERR or STDOUT. Default: STDERR