apache-common.conf: introduced parameter `logging` for possibility to match lines, if apache logs into syslog/systemd journal;

added test cases to cover `apache-auth[logging=syslog]`.
2017-07-12 11:25:58 +02:00 · 2017-07-12 11:25:58 +02:00 · b561af45ef
parent 10cc7e6e59
commit b561af45ef
2 changed files with 28 additions and 13 deletions
--- a/config/filter.d/apache-common.conf
+++ b/config/filter.d/apache-common.conf
@ -1,23 +1,30 @@
 # Generic configuration items (to be used as interpolations) in other
 # apache filters.
 # If you use "ErrorLog syslog" in your Apache configuration,
 # you should then create the following apache-common.local file :
 # [INCLUDES]
 # before = common.conf
 # [DEFAULT]
 # _apache_prefix = %(__prefix_line)s
 [INCLUDES]
 before = common.conf
 # Load customizations if any available
 after = apache-common.local
 [DEFAULT]
-_apache_prefix = \[\]\s
+# Apache logging mode:
 #   all - universal prefix (logfile, syslog)
 #   logfile - logfile only
 #   syslog - syslog only
 # Use `filter = apache-auth[logging=syslog]` to get more precise regex if apache logs into syslog (ErrorLog syslog).
 # Use `filter = apache-auth[logging=all]` to get universal regex matches both logging variants.
 logging = logfile
-_apache_error_client = ^%(_apache_prefix)s\[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\]
+# Apache logging prefixes (date-pattern prefix, server, process etc.):
 apache-prefix-syslog = %(__prefix_line)s
 apache-prefix-logfile = \[\]\s
 apache-prefix-all = (?:%(apache-prefix-logfile)s|%(apache-prefix-syslog)s)?
 apache-prefix = <apache-prefix-<logging>>
 _apache_error_client = <apache-prefix>\[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client <HOST>(:\d{1,5})?\]
 datepattern = {^LN-BEG}
--- a/fail2ban/tests/files/logs/apache-auth
+++ b/fail2ban/tests/files/logs/apache-auth
@ -11,10 +11,6 @@
 # failJSON: { "time": "2013-07-11T01:21:44", "match": true , "host": "2606:2800:220:1:248:1893:25c8:1946" } 
 [Thu Jul 11 01:21:44 2013] [error] [client 2606:2800:220:1:248:1893:25c8:1946] user test-ipv6 not found: /
 # Must mach syslog prefix
 # failJSON: { "time": "2005-02-16T22:32:48", "match": true , "host": "127.0.0.1" }
 Feb 16 22:32:48 srv httpd[22034]: [error] [client 127.0.0.1] user wrongusername not found: /basic/file
 # The failures below use the configuration described in fail2ban/tests/files/config/apache-auth
 #
@ -128,3 +124,15 @@ Feb 16 22:32:48 srv httpd[22034]: [error] [client 127.0.0.1] user wrongusername
 # failJSON: { "time": "2013-11-18T22:39:33", "match": true , "host": "91.49.82.139" }
 [Mon Nov 18 22:39:33 2013] [error] [client 91.49.82.139] user gg not found: /, referer: http://sj.hopto.org/management.html
 # filterOptions: {"logging": "syslog"}
 # failJSON: { "time": "2005-02-15T16:23:00", "match": true , "host": "192.0.2.1", "desc": "using syslog (ErrorLog syslog)" }
 Feb 15 16:23:00 srv httpd[22034]: [authz_core:error] [pid 22034] [client 192.0.2.1:58585] AH01630: client denied by server configuration: /home/www/
 # failJSON: { "time": "2005-02-15T16:23:40", "match": true , "host": "192.0.2.2", "desc": "using syslog (ErrorLog syslog)" }
 Feb 15 16:23:40 srv httpd/backend1[22034]: [authz_core:error] [pid 22036] [client 192.0.2.2:59392] AH01630: client denied by server configuration: /home/backend1/
 # failJSON: { "time": "2005-02-15T16:54:53", "match": true , "host": "192.0.2.3", "desc": "using syslog (ErrorLog syslog)" }
 Feb 15 16:54:53 tools apache2[18154]: [:error] [pid 18154:tid 140680873617152] [client 192.0.2.3:48154] AH01630: client denied by server configuration: /var/www
 # failJSON: { "time": "2005-02-16T22:32:48", "match": true , "host": "127.0.0.1" }
 Feb 16 22:32:48 srv httpd[22034]: [error] [client 127.0.0.1] user wrongusername not found: /basic/file