Merge pull request #364 from kwirk/journal-datedetector

ENH: Journal datedetector - fail2ban-regex date pattern setting

bin/fail2ban-regex

@@ -198,16 +198,9 @@ class Fail2banRegex(object):
 		self._print_all_missed = opts.print_all_missed
 		self._print_all_ignored = opts.print_all_ignored
 		self._maxlines_set = False		  # so we allow to override maxlines in cmdline
+		self._datepattern_set = False
 		self._journalmatch = None
 
-		if opts.datepattern:
-			self.setDatePattern(opts.datepattern)
-
-		if opts.encoding:
-			self.encoding = opts.encoding
-		else:
-			self.encoding = locale.getpreferredencoding()
-
 		self._filter = Filter(None)
 		self._ignoreregex = list()
 		self._failregex = list()
@@ -217,9 +210,20 @@ class Fail2banRegex(object):
 			self.setMaxLines(opts.maxlines)
 		if opts.journalmatch is not None:
 			self.setJournalMatch(opts.journalmatch.split())
+		if opts.datepattern:
+			self.setDatePattern(opts.datepattern)
+		if opts.encoding:
+			self.encoding = opts.encoding
+		else:
+			self.encoding = locale.getpreferredencoding()
+
+
 
 	def setDatePattern(self, pattern):
-		self._filter.setDatePattern(pattern)
+		if not self._datepattern_set:
+			self._filter.setDatePattern(pattern)
+			self._datepattern_set = True
+			print "Use      datepattern : %s" % self._filter.getDatePattern()[1]
 
 	def setMaxLines(self, v):
 		if not self._maxlines_set:
@@ -425,6 +429,11 @@ if __name__ == "__main__":
 	parser = get_opt_parser()
 	(opts, args) = parser.parse_args()
 
+	print
+	print "Running tests"
+	print "============="
+	print
+
 	fail2banRegex = Fail2banRegex(opts)
 
 	# We need 2 or 3 parameters
@@ -462,11 +471,6 @@ if __name__ == "__main__":
 		stdout.setFormatter(Formatter(fmt))
 	logSys.addHandler(stdout)
 
-	print
-	print "Running tests"
-	print "============="
-	print
-
 	cmd_log, cmd_regex = args[:2]
 
 	fail2banRegex.readRegex(cmd_regex, 'fail') or sys.exit(-1)
@@ -489,6 +493,7 @@ if __name__ == "__main__":
 			sys.exit(-1)
 		myjournal = journal.Reader(converters={'__CURSOR': lambda x: x})
 		journalmatch = fail2banRegex._journalmatch
+		fail2banRegex.setDatePattern("ISO8601")
 		if journalmatch:
 			try:
 				for element in journalmatch:

fail2ban/client/beautifier.py

@@ -123,6 +123,8 @@ class Beautifier:
 				msg = "Current date pattern set to: "
 				if response is None:
 					msg = msg + "Default Detectors"
+				elif response[0] is None:
+					msg = msg + "%s" % response[1]
 				else:
 					msg = msg + "%s (%s)" % response
 			elif inC[2] in ("ignoreip", "addignoreip", "delignoreip"):

fail2ban/server/filter.py

@@ -28,7 +28,7 @@ from failmanager import FailManager
 from ticket import FailTicket
 from jailthread import JailThread
 from datedetector import DateDetector
-from datetemplate import DatePatternRegex
+from datetemplate import DatePatternRegex, DateISO8601, DateEpoch, DateTai64n
 from mytime import MyTime
 from failregex import FailRegex, Regex, RegexException
 
@@ -199,11 +199,21 @@ class Filter(JailThread):
 
 	def setDatePattern(self, pattern):
 		dateDetector = DateDetector()
-		template = DatePatternRegex()
+		if pattern.upper() == "ISO8601":
-		if pattern[0] == "^": # Special extra to enable anchor
+			template = DateISO8601()
-			template.setPattern(pattern[1:], anchor=True)
+			template.setName("ISO8601")
+		elif pattern.upper() == "EPOCH":
+			template = DateEpoch()
+			template.setName("Epoch")
+		elif pattern.upper() == "TAI64N":
+			template = DateTai64n()
+			template.setName("TAI64N")
 		else:
-			template.setPattern(pattern, anchor=False)
+			template = DatePatternRegex()
+			if pattern[0] == "^": # Special extra to enable anchor
+				template.setPattern(pattern[1:], anchor=True)
+			else:
+				template.setPattern(pattern, anchor=False)
 		dateDetector.appendTemplate(template)
 		self.dateDetector = dateDetector
 		logSys.info("Date pattern set to `%r`: `%s`" %
@@ -221,9 +231,12 @@ class Filter(JailThread):
 		if len(templates) > 1:
 			return None # Default Detectors in use
 		elif len(templates) == 1:
-			pattern =  templates[0].getPattern()
+			if hasattr(templates[0], "getPattern"):
-			if templates[0].getRegex()[0] == "^":
+				pattern =  templates[0].getPattern()
-				pattern = "^" + pattern
+				if templates[0].getRegex()[0] == "^":
+					pattern = "^" + pattern
+			else:
+				pattern = None
 			return pattern, templates[0].getName()
 
 	##

fail2ban/server/filtersystemd.py

@@ -57,6 +57,7 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover
 		# Initialise systemd-journal connection
 		self.__journal = journal.Reader(converters={'__CURSOR': lambda x: x})
 		self.__matches = []
+		self.setDatePattern("ISO8601")
 		logSys.debug("Created FilterSystemd")
 
 

fail2ban/tests/servertestcase.py

@@ -239,6 +239,12 @@ class Transmitter(TransmitterBase):
 		self.setGetTest("datepattern", "%%%Y%m%d%H%M%S",
 			("%%%Y%m%d%H%M%S", "%YearMonthDay24hourMinuteSecond"),
 			jail=self.jailName)
+		self.setGetTest(
+			"datepattern", "Epoch", (None, "Epoch"), jail=self.jailName)
+		self.setGetTest(
+			"datepattern", "TAI64N", (None, "TAI64N"), jail=self.jailName)
+		self.setGetTest(
+			"datepattern", "ISO8601", (None, "ISO8601"), jail=self.jailName)
 		self.setGetTestNOK("datepattern", "%Cat%a%%%g", jail=self.jailName)
 
 	def testJailUseDNS(self):

man/jail.conf.5

@@ -183,6 +183,9 @@ The following are acceptable format fields (see strptime(3) for descriptions):
 .nf
 %% %a %A %b %B %d %H %I %j %m %M %p %S %U %w %W %y %Y
 .fi
+.br
+
+Also, special values of \fIEpoch\fR (UNIX Timestamp), \fITAI64N\fR and \fIISO8601\fR can be used.
 .TP
 \fBjournalmatch\fR
 specifies the systemd journal match used to filter the journal entries. See \fBjournalctl(1)\fR and \fBsystemd.journal-fields(7)\fR for matches syntax and more details on special journal fields. This option is only valid for the \fIsystemd\fR backend.