Merge pull request #364 from kwirk/journal-datedetector

ENH: Journal datedetector - fail2ban-regex date pattern setting
pull/368/merge
Daniel Black 2013-09-28 15:17:34 -07:00
commit c5ad2552b2
6 changed files with 52 additions and 22 deletions


@ -198,16 +198,9 @@ class Fail2banRegex(object):
self._print_all_missed = opts.print_all_missed self._print_all_missed = opts.print_all_missed
self._print_all_ignored = opts.print_all_ignored self._print_all_ignored = opts.print_all_ignored
self._maxlines_set = False # so we allow to override maxlines in cmdline self._maxlines_set = False # so we allow to override maxlines in cmdline
self._datepattern_set = False
self._journalmatch = None self._journalmatch = None
if opts.datepattern:
self.setDatePattern(opts.datepattern)
if opts.encoding:
self.encoding = opts.encoding
else:
self.encoding = locale.getpreferredencoding()
self._filter = Filter(None) self._filter = Filter(None)
self._ignoreregex = list() self._ignoreregex = list()
self._failregex = list() self._failregex = list()
@ -217,9 +210,20 @@ class Fail2banRegex(object):
self.setMaxLines(opts.maxlines) self.setMaxLines(opts.maxlines)
if opts.journalmatch is not None: if opts.journalmatch is not None:
self.setJournalMatch(opts.journalmatch.split()) self.setJournalMatch(opts.journalmatch.split())
if opts.datepattern:
self.setDatePattern(opts.datepattern)
if opts.encoding:
self.encoding = opts.encoding
else:
self.encoding = locale.getpreferredencoding()
def setDatePattern(self, pattern): def setDatePattern(self, pattern):
if not self._datepattern_set:
self._filter.setDatePattern(pattern) self._filter.setDatePattern(pattern)
self._datepattern_set = True
print "Use datepattern : %s" % self._filter.getDatePattern()[1]
def setMaxLines(self, v): def setMaxLines(self, v):
if not self._maxlines_set: if not self._maxlines_set:
@ -425,6 +429,11 @@ if __name__ == "__main__":
parser = get_opt_parser() parser = get_opt_parser()
(opts, args) = parser.parse_args() (opts, args) = parser.parse_args()
print
print "Running tests"
print "============="
print
fail2banRegex = Fail2banRegex(opts) fail2banRegex = Fail2banRegex(opts)
# We need 2 or 3 parameters # We need 2 or 3 parameters
@ -462,11 +471,6 @@ if __name__ == "__main__":
stdout.setFormatter(Formatter(fmt)) stdout.setFormatter(Formatter(fmt))
logSys.addHandler(stdout) logSys.addHandler(stdout)
print
print "Running tests"
print "============="
print
cmd_log, cmd_regex = args[:2] cmd_log, cmd_regex = args[:2]
fail2banRegex.readRegex(cmd_regex, 'fail') or sys.exit(-1) fail2banRegex.readRegex(cmd_regex, 'fail') or sys.exit(-1)
@ -489,6 +493,7 @@ if __name__ == "__main__":
sys.exit(-1) sys.exit(-1)
myjournal = journal.Reader(converters={'__CURSOR': lambda x: x}) myjournal = journal.Reader(converters={'__CURSOR': lambda x: x})
journalmatch = fail2banRegex._journalmatch journalmatch = fail2banRegex._journalmatch
fail2banRegex.setDatePattern("ISO8601")
if journalmatch: if journalmatch:
try: try:
for element in journalmatch: for element in journalmatch:
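Review bot: The `print "Use datepattern : %s"` in setDatePattern sits outside the `if not self._datepattern_set` guard, so a second call — for example the unconditional `fail2banRegex.setDatePattern("ISO8601")` in the journal branch when `--datepattern` was also given — prints the ISO8601 name as though it had just been applied, although the guard kept the command-line pattern. Indent the print under the guard, or make the skip explicit with an `else:` branch printing `"Keeping datepattern : %s" % self._filter.getDatePattern()[1]`. The `[1]` index also assumes getDatePattern returns a tuple rather than the None it yields when the default detectors are in use; that holds here because setDatePattern installs exactly one template, but a short comment saying so would save the next reader a trip to filter.py. The `__main__` block continues outside the hunk.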


@ -123,6 +123,8 @@ class Beautifier:
msg = "Current date pattern set to: " msg = "Current date pattern set to: "
if response is None: if response is None:
msg = msg + "Default Detectors" msg = msg + "Default Detectors"
elif response[0] is None:
msg = msg + "%s" % response[1]
else: else:
msg = msg + "%s (%s)" % response msg = msg + "%s (%s)" % response
elif inC[2] in ("ignoreip", "addignoreip", "delignoreip"): elif inC[2] in ("ignoreip", "addignoreip", "delignoreip"):


@ -28,7 +28,7 @@ from failmanager import FailManager
from ticket import FailTicket from ticket import FailTicket
from jailthread import JailThread from jailthread import JailThread
from datedetector import DateDetector from datedetector import DateDetector
from datetemplate import DatePatternRegex from datetemplate import DatePatternRegex, DateISO8601, DateEpoch, DateTai64n
from mytime import MyTime from mytime import MyTime
from failregex import FailRegex, Regex, RegexException from failregex import FailRegex, Regex, RegexException
@ -199,6 +199,16 @@ class Filter(JailThread):
def setDatePattern(self, pattern): def setDatePattern(self, pattern):
dateDetector = DateDetector() dateDetector = DateDetector()
if pattern.upper() == "ISO8601":
template = DateISO8601()
template.setName("ISO8601")
elif pattern.upper() == "EPOCH":
template = DateEpoch()
template.setName("Epoch")
elif pattern.upper() == "TAI64N":
template = DateTai64n()
template.setName("TAI64N")
else:
template = DatePatternRegex() template = DatePatternRegex()
if pattern[0] == "^": # Special extra to enable anchor if pattern[0] == "^": # Special extra to enable anchor
template.setPattern(pattern[1:], anchor=True) template.setPattern(pattern[1:], anchor=True)
@ -221,9 +231,12 @@ class Filter(JailThread):
if len(templates) > 1: if len(templates) > 1:
return None # Default Detectors in use return None # Default Detectors in use
elif len(templates) == 1: elif len(templates) == 1:
if hasattr(templates[0], "getPattern"):
pattern = templates[0].getPattern() pattern = templates[0].getPattern()
if templates[0].getRegex()[0] == "^": if templates[0].getRegex()[0] == "^":
pattern = "^" + pattern pattern = "^" + pattern
else:
pattern = None
return pattern, templates[0].getName() return pattern, templates[0].getName()
## ##
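Review bot: In setDatePattern the fallback branch still reads `pattern[0]` before anything has checked that the pattern is non-empty, so an empty `datepattern` value fails with a bare IndexError rather than a descriptive error, and the new keyword comparisons above it do not guard this either. Reject it up front, e.g. `if not pattern: raise ValueError("Empty date pattern")` ahead of the `.upper()` comparisons, or at minimum use `pattern.startswith("^")` so the anchor test cannot raise. Whether an empty value can reach this method from the transmitter is not visible here, and the rest of setDatePattern after the `setPattern` call lies outside the hunk.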


@ -57,6 +57,7 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover
# Initialise systemd-journal connection # Initialise systemd-journal connection
self.__journal = journal.Reader(converters={'__CURSOR': lambda x: x}) self.__journal = journal.Reader(converters={'__CURSOR': lambda x: x})
self.__matches = [] self.__matches = []
self.setDatePattern("ISO8601")
logSys.debug("Created FilterSystemd") logSys.debug("Created FilterSystemd")
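Review bot: The new `self.setDatePattern("ISO8601")` in `__init__` carries no explanation of why the systemd backend needs a fixed date template when the other filters start with the default detectors; presumably the journal entries are rendered with an ISO 8601 timestamp before they are matched, but that formatting is not visible in this hunk. A one-line comment such as `# journal entries are formatted with an ISO 8601 timestamp, so default to that template` would save the next reader a search, and should be confirmed against the entry-formatting code. `__init__` continues outside the hunk.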


@ -239,6 +239,12 @@ class Transmitter(TransmitterBase):
self.setGetTest("datepattern", "%%%Y%m%d%H%M%S", self.setGetTest("datepattern", "%%%Y%m%d%H%M%S",
("%%%Y%m%d%H%M%S", "%YearMonthDay24hourMinuteSecond"), ("%%%Y%m%d%H%M%S", "%YearMonthDay24hourMinuteSecond"),
jail=self.jailName) jail=self.jailName)
self.setGetTest(
"datepattern", "Epoch", (None, "Epoch"), jail=self.jailName)
self.setGetTest(
"datepattern", "TAI64N", (None, "TAI64N"), jail=self.jailName)
self.setGetTest(
"datepattern", "ISO8601", (None, "ISO8601"), jail=self.jailName)
self.setGetTestNOK("datepattern", "%Cat%a%%%g", jail=self.jailName) self.setGetTestNOK("datepattern", "%Cat%a%%%g", jail=self.jailName)
def testJailUseDNS(self): def testJailUseDNS(self):
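Review bot: The three new setGetTest calls only exercise the canonical spelling of each keyword, while the filter side compares `pattern.upper()`, so the case-insensitive acceptance the server offers goes untested and a later change to that comparison would not be caught here. One extra line pins it, e.g. `self.setGetTest("datepattern", "epoch", (None, "Epoch"), jail=self.jailName)`, and the same for the other two keywords if you want symmetry. The enclosing test method starts outside the hunk.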


@ -183,6 +183,9 @@ The following are acceptable format fields (see strptime(3) for descriptions):
.nf .nf
%% %a %A %b %B %d %H %I %j %m %M %p %S %U %w %W %y %Y %% %a %A %b %B %d %H %I %j %m %M %p %S %U %w %W %y %Y
.fi .fi
.br
Also, special values of \fIEpoch\fR (UNIX Timestamp), \fITAI64N\fR and \fIISO8601\fR can be used.
.TP .TP
\fBjournalmatch\fR \fBjournalmatch\fR
specifies the systemd journal match used to filter the journal entries. See \fBjournalctl(1)\fR and \fBsystemd.journal-fields(7)\fR for matches syntax and more details on special journal fields. This option is only valid for the \fIsystemd\fR backend. specifies the systemd journal match used to filter the journal entries. See \fBjournalctl(1)\fR and \fBsystemd.journal-fields(7)\fR for matches syntax and more details on special journal fields. This option is only valid for the \fIsystemd\fR backend.