From 83f626c4aae7fbe4251290f8d4fd88e6b9aeb92b Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 24 May 2019 15:53:16 +0200
Subject: [PATCH 1/2] (grave) closes gh-2431: replace newlines in message from systemd journal (otherwise multi-line parsing is broken, because removal of matched string from multi-line buffer window is confused by extra new-lines, so they are retained and got matched on every followed message).
---
 fail2ban/server/filtersystemd.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py
index 15c90548..20d9d70e 100644
--- a/fail2ban/server/filtersystemd.py
+++ b/fail2ban/server/filtersystemd.py
@@ -232,7 +232,7 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover
 logSys.debug("Read systemd journal entry: %r" % "".join([date.isoformat(), logline]))
 ## use the same type for 1st argument:
- return ((logline[:0], date.isoformat(), logline),
+ return ((logline[:0], date.isoformat(), logline.replace('\n', '\\n')),
 time.mktime(date.timetuple()) + date.microsecond/1.0E6)
 def seekToTime(self, date):
From 3b51c005f835d526a4521e745fa1ce8b860b9725 Mon Sep 17 00:00:00 2001
From: sebres
Date: Fri, 24 May 2019 16:17:06 +0200
Subject: [PATCH 2/2] update ChangeLog (multi-line parsing fix, gh-2431)
---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 8e45cd7c..63e5e4a5 100644
--- a/ChangeLog
+++ b/ChangeLog
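Review bot: The escape on the new `return` line in filtersystemd.py is applied to every newline, including a trailing one, so a journal message that ends in a newline would now end in a literal `\n` and could stop matching a `$`-anchored failregex, which would be a missed detection; if such entries can occur, `logline.rstrip('\n').replace('\n', '\\n')` keeps the fix while leaving the line end clean. The line also has no comment saying why the escape is there, since the existing `## use the same type for 1st argument:` does not cover it; something like `## keep one journal entry on one buffer line: escape embedded newlines (gh-2431)` would help. The series touches only this file and the ChangeLog, so a regression test that feeds an entry with an embedded newline through a `maxlines` > 1 filter appears to be missing. The enclosing method starts above the hunk, so how `logline` is assembled and which type it has cannot be checked from here.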
@@ -35,6 +35,11 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
 -----------
 ### Fixes
+* [grave] fixed parsing of multi-line filters (`maxlines` > 1) together with systemd backend,
+ now systemd-filter replaces newlines in message from systemd journal with `\n` (otherwise
+ multi-line parsing may be broken, because removal of matched string from multi-line buffer window
+ is confused by such extra new-lines, so they are retained and got matched on every followed
+ message, see gh-2431)
 * fixed read of included config-files (`.local` overwrites options of `.conf` for config-files included with before/after)
 * `action.d/helpers-common.conf`: rewritten grep arguments, now options `-wF` used to match only