ENH+BF: Allow multi lines regex to be tested with samples test case

A multi-line regex currently flags a match only on its last line, so the
other lines must be labelled as not matched.
TODO: Create extension to fail JSON data to allow tying together of
multiple lines
pull/300/head
Steven Hiscocks 2013-07-16 23:47:28 +01:00
parent 774c9ce4fd
commit c61ba9f0de
3 changed files with 14 additions and 0 deletions


@ -1,6 +1,12 @@
# failJSON: { "match": false }
apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-15T20:34:08", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
# failJSON: { "match": false }
apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-16T08:32:13", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "null" failed.
# failJSON: { "match": false }
apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn
# failJSON: { "time": "2013-04-16T08:32:28", "match": true , "host": "192.0.2.0" }
WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed.


@ -79,9 +79,15 @@ Apr 29 18:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error
Jun 25 23:53:34 [sshd] User root from 1.2.3.4 not allowed because not listed in AllowUsers
#12
# failJSON: { "match": false }
Apr 24 01:39:19 host sshd[3719]: User root not allowed because account is locked
# failJSON: { "match": false }
Apr 24 01:39:19 host sshd[3719]: input_userauth_request: invalid user root [preauth]
# failJSON: { "time": "2005-04-24T01:39:19", "match": true , "host": "198.51.100.34" }
Apr 24 01:39:19 host sshd[3719]: error: Received disconnect from 198.51.100.34: 11: Bye Bye [preauth]
# failJSON: { "match": false }
May 27 00:16:33 host sshd[2364]: User root not allowed because account is locked
# failJSON: { "match": false }
May 27 00:16:33 host sshd[2364]: input_userauth_request: invalid user root [preauth]
# failJSON: { "time": "2005-05-27T00:16:33", "match": true , "host": "198.51.100.76" }
May 27 00:16:33 host sshd[2364]: Received disconnect from 198.51.100.76: 11: Bye Bye [preauth]
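Review bot: None of the added sshd samples shows that the match on the `Received disconnect ... [preauth]` line depends on the `User root not allowed` line before it, because every case here presents the lines together. If the failregex ever degraded to matching the disconnect line on its own, these cases would still pass while the filter banned hosts that merely disconnected before authenticating. A negative case would pin this down, for example (constructed sample) `# failJSON: { "match": false }` followed by `Apr 24 01:45:00 host sshd[4000]: Received disconnect from 198.51.100.34: 11: Bye Bye [preauth]`. Whether that sample must sit far enough from the others to fall outside the line buffer depends on the filter's maxlines value, which is not visible on this page.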


@ -72,6 +72,8 @@ def testSampleRegexsFactory(name):
for opt in filterConf.convert():
if opt[2] == "addfailregex":
self.filter.addFailRegex(opt[3])
elif opt[2] == "maxlines":
self.filter.setMaxLines(opt[3])
if not self.filter.getFailRegex():
# No fail regexs set: likely just common file for includes.
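Review bot: The `if`/`elif` chain applies only `addfailregex` and `maxlines` and silently drops every other entry that `filterConf.convert()` returns, so the samples may be checked against a filter that differs from the one a jail would load. If the reader also emits ignore-regex entries (`addignoreregex` in fail2ban's command stream; confirm against FilterReader), they should be applied here too, or an `else` branch should at least report the unhandled option. `opt[3]` for `maxlines` comes straight from the config, presumably as a string; if `setMaxLines` does not convert it, pass `int(opt[3])`. The enclosing test method starts and ends outside this hunk.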