From 00a0e980417de8524d0fef4210e840ecaae5bbc0 Mon Sep 17 00:00:00 2001 From: Matt Stancliff Date: Thu, 5 Jul 2018 12:29:41 -0400 Subject: [PATCH 1/2] Load logpath only after findtime is configured When new log paths are configured, their start offset is immediately determined by a filter searching for (now - findTime). But, since findTime is configured *after* the log is loaded and searched, logs are only searched back by the default 10 minute findTime, regardless of user configuration of jail settings. So, findTime must be configured before logpath or else the default findtime is used, which ignores any findtime time defined by the user. This fixes new reads on startup for actual log files. The systemd filter always performed as expected due to being setup after the jail's findtime config submission. --- fail2ban/client/jailreader.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 651bbc37..3ec68cbb 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -90,12 +90,12 @@ class JailReader(ConfigReader): opts1st = [["bool", "enabled", False], ["string", "filter", ""]] opts = [["bool", "enabled", False], - ["string", "logpath", None], - ["string", "logtimezone", None], - ["string", "logencoding", None], ["string", "backend", "auto"], ["int", "maxretry", None], ["string", "findtime", None], + ["string", "logpath", None], + ["string", "logtimezone", None], + ["string", "logencoding", None], ["string", "bantime", None], ["string", "usedns", None], # be sure usedns is before all regex(s) in stream ["string", "failregex", None], From 1eb93e2556d9b720885ae16179bbed5ee8659538 Mon Sep 17 00:00:00 2001 
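Review bot: The relocated `logpath`, `logtimezone` and `logencoding` entries carry no comment saying why they must follow `findtime`, unlike the `usedns` line just below them, which states its ordering constraint. Per the commit message this order decides how far back a newly added log is searched, so a later tidy-up of `opts` could silently shrink the start-up look-back to the default and leave earlier failures uncounted. A trailing comment on the `logpath` line, such as `# keep after findtime: the initial seek of a new log path uses it`, would record that. The `opts` list starts and ends outside the hunk.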
From: sebres Date: Fri, 6 Jul 2018 17:04:10 +0200 Subject: [PATCH 2/2] filter.py: repair start-time of initial seek to time (regardless the position of `findtime` option in config); jailreader.py: additionally relocate the option `logpath` after all log-related data (backend, date-pattern, etc) that may be needed by the first usage (gh-2173). Thanks to Matt Stancliff (mattsta) --- fail2ban/client/jailreader.py | 6 +++--- fail2ban/server/filter.py | 30 +++++++++++++++--------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 3ec68cbb..72bf780d 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -93,9 +93,6 @@ class JailReader(ConfigReader): ["string", "backend", "auto"], ["int", "maxretry", None], ["string", "findtime", None], - ["string", "logpath", None], - ["string", "logtimezone", None], - ["string", "logencoding", None], ["string", "bantime", None], ["string", "usedns", None], # be sure usedns is before all regex(s) in stream ["string", "failregex", None], @@ -105,6 +102,9 @@ class JailReader(ConfigReader): ["string", "ignoreip", None], ["string", "filter", ""], ["string", "datepattern", None], + ["string", "logtimezone", None], + ["string", "logencoding", None], + ["string", "logpath", None], # logpath after all log-related data (backend, date-pattern, etc) ["string", "action", ""]] # Before interpolation (substitution) add static options always available as default: diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py index 9ffc9177..2e4f896b 100644 --- a/fail2ban/server/filter.py +++ b/fail2ban/server/filter.py 
@@ -887,9 +887,6 @@ class FileFilter(Filter): self.__logs[path] = log logSys.info("Added logfile: %r (pos = %s, hash = %s)" , path, log.getPos(), log.getHash()) if autoSeek: - # if default, seek to "current time" - "find time": - if isinstance(autoSeek, bool): - autoSeek = MyTime.time() - self.getFindTime() self.__autoSeek[path] = autoSeek self._addLogPath(path) # backend specific @@ -999,18 +996,21 @@ class FileFilter(Filter): return False # seek to find time for first usage only (prevent performance decline with polling of big files) - if self.__autoSeek.get(filename): - startTime = self.__autoSeek[filename] - del self.__autoSeek[filename] - # prevent completely read of big files first time (after start of service), - # initial seek to start time using half-interval search algorithm: - try: - self.seekToTime(log, startTime) - except Exception as e: # pragma: no cover - logSys.error("Error during seek to start time in \"%s\"", filename) - raise - logSys.exception(e) - return False + if self.__autoSeek: + startTime = self.__autoSeek.pop(filename, None) + if startTime: + # if default, seek to "current time" - "find time": + if isinstance(startTime, bool): + startTime = MyTime.time() - self.getFindTime() + # prevent completely read of big files first time (after start of service), + # initial seek to start time using half-interval search algorithm: + try: + self.seekToTime(log, startTime) + except Exception as e: # pragma: no cover + logSys.error("Error during seek to start time in \"%s\"", filename) + raise + logSys.exception(e) + return False if has_content: while not self.idle:
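Review bot: After this hunk `self.__autoSeek[path]` can hold either `True` or an explicit start time, and the comment that explained the default case was removed here without a replacement. A short comment on the assignment, e.g. `# True = resolve to now - findtime at first read; otherwise an explicit start time`, would let this hunk be read without the later one. Any other reader of `__autoSeek` that expected a number would now see a bool; none is visible here, so that is worth a quick check. The enclosing method starts and ends outside the hunk.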
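Review bot: In the re-indented `except` block of the `@@ -999,18 +996,21 @@` hunk, the bare `raise` makes the following `logSys.exception(e)` and `return False` unreachable, so a failed seek always propagates and the traceback is never logged here. Decide which behaviour is intended and drop the other: either keep `raise` and delete the two dead lines, or replace the `logSys.error(...)` / `raise` pair with `logSys.exception("Error during seek to start time in \"%s\"", filename)` followed by `return False`. The entry is also popped from `__autoSeek` before the seek is attempted, so after a failure the initial seek is not retried for that file on a later pass. The diffstat lists no test file; a case that sets findtime after adding the log path and checks that the first read starts at now minus that findtime would pin the fix. The enclosing method continues outside the hunk.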