extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;

9 years ago · de813acf51
parent 3e49522b7a
commit de813acf51
3 changed files with 8 additions and 1 deletions
--- a/2
+++ b/2
@ -21,6 +21,8 @@ ver. 0.9.5 (2016/XX/XXX) - wanna-be-released
   * filter.d/common.conf
     - unexpected extra regex-space in generic `__prefix_line` (gh-1405)
     - all optional spaces normalized in `common.conf`, test covered now
+     - generic `__prefix_line` extended with optional brackets for the date ambit (gh-1421),
+       added new parameter `__date_ambit`

 - New Features:
   * New Actions:
--- a/config/filter.d/common.conf
+++ b/config/filter.d/common.conf
@ -46,12 +46,14 @@ __md5hex = (?:[\da-f]{2}:){15}[\da-f]{2}
 # <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
 __bsd_syslog_verbose = <[^.]+\.[^.]+>

+__date_ambit = \[\]
+
 # Common line prefixes (beginnings) which could be used in filters
 #
 #      [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
 #
 # This can be optional (for instance if we match named native log files)
-__prefix_line = \s*(?:(?:%(__bsd_syslog_verbose)s)\s*)?(?:(?:%(__hostname)s)\s*)?(?:(?:%(__kernel_prefix)s)\s*)?(?:(?:@vserver_\S+)\s*)?(?:(?:%(__daemon_combs_re)s)\s*)?(?:(?:%(__daemon_extra_re)s)\s*)?
+__prefix_line = (?:%(__date_ambit)s)?\s*(?:(?:%(__bsd_syslog_verbose)s)\s*)?(?:(?:%(__hostname)s)\s*)?(?:(?:%(__kernel_prefix)s)\s*)?(?:(?:@vserver_\S+)\s*)?(?:(?:%(__daemon_combs_re)s)\s*)?(?:(?:%(__daemon_extra_re)s)\s*)?

 # PAM authentication mechanism check for failures, e.g.: pam_unix, pam_sss,
 # pam_ldap
--- a/fail2ban/tests/files/logs/zzz-generic-example
+++ b/fail2ban/tests/files/logs/zzz-generic-example
@ -26,3 +26,6 @@ Jun 21 16:55:01 <auth.info> machine kernel: [  970.699396] @vserver_demo test-de
 # -- the same as above with additional spaces around --
 # failJSON: { "time": "2005-06-21T16:55:02", "match": true , "host": "192.0.2.3" }
 Jun 21 16:55:02   <auth.info> machine kernel: [  970.699396] @vserver_demo test-demo(pam_unix)[13709] [ID 255 test]    F2B: failure from 192.0.2.3
+# -- the same as above with brackets as date ambit --
+# failJSON: { "time": "2005-06-21T16:55:03", "match": true , "host": "192.0.2.3" }
+[Jun 21 16:55:03] <auth.info> machine kernel: [  970.699396] @vserver_demo test-demo(pam_unix)[13709] [ID 255 test] F2B: failure from 192.0.2.3