implements special datepattern `{NONE}` - allow to find failures without date-time in log messages (filter use now as timestamp)

closes gh-2802
2020-08-20 20:27:39 +02:00 · 2020-08-20 20:27:39 +02:00 · f21c58dc72
parent b82f584a96
commit f21c58dc72
3 changed files with 26 additions and 1 deletions
--- a/fail2ban/server/datedetector.py
+++ b/fail2ban/server/datedetector.py
@ -282,6 +282,8 @@ class DateDetector(object):
 				elif "{DATE}" in key:
 					self.addDefaultTemplate(preMatch=pattern, allDefaults=False)
 					return
+				elif key == "{NONE}":
+					template = _getPatternTemplate('{UNB}^', key)
 				else:
 					template = _getPatternTemplate(pattern, key)

--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@ -625,6 +625,11 @@ class Filter(JailThread):
 						self.__lastDate = date
 					else:
 						logSys.error("findFailure failed to parse timeText: %s", m)
+				else:
+					# matched empty value - date is optional or not available - set it to now:
+					date = MyTime.time()
+					self.__lastTimeText = ""
+					self.__lastDate = date
 			else:
 				tupleLine = ("", "", line)
 			# still no date - try to use last known:
@ -651,7 +656,6 @@ class Filter(JailThread):
 			else:
 				# in initialization (restore) phase, if too old - ignore:
 				if date is not None and date < MyTime.time() - self.getFindTime():
-					print('**********')
 					# log time zone issue as warning once per day:
 					self._logWarnOnce("_next_ignByTimeWarn",
 						("Ignore line since time %s < %s - %s",
--- a/fail2ban/tests/fail2banregextestcase.py
+++ b/fail2ban/tests/fail2banregextestcase.py
@ -81,6 +81,7 @@ def _test_exec_command_line(*args):
 	return _exit_code

 STR_00 = "Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 192.0.2.0"
+STR_00_NODT = "[sshd] error: PAM: Authentication failure for kevin from 192.0.2.0"

 RE_00 = r"(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>"
 RE_00_ID = r"Authentication failure for <F-ID>.*?</F-ID> from <ADDR>$"
@ -361,6 +362,24 @@ class Fail2banRegexTest(LogCaptureTestCase):
 		self.assertLogged('192.0.2.0, kevin, inet4')
 		self.pruneLog()

+	def testNoDateTime(self):
+		# datepattern doesn't match:
+		self.assertTrue(_test_exec('-d', '{^LN-BEG}EPOCH', '-o', 'Found-ID:<F-ID>', STR_00_NODT, RE_00_ID))
+		self.assertLogged(
+			"Found a match but no valid date/time found",
+			"Match without a timestamp:",
+			"Found-ID:kevin", all=True)
+		self.pruneLog()
+		# explicitly no datepattern:
+		self.assertTrue(_test_exec('-d', '{NONE}', '-o', 'Found-ID:<F-ID>', STR_00_NODT, RE_00_ID))
+		self.assertLogged(
+			"Found-ID:kevin", all=True)
+		self.assertNotLogged(
+			"Found a match but no valid date/time found",
+			"Match without a timestamp:", all=True)
+
+		self.pruneLog()
+
 	def testFrmtOutputWrapML(self):
 		unittest.F2B.SkipIfCfgMissing(stock=True)
 		# complex substitution using tags and message (ip, user, msg):