# HG changeset patch
# User IBBoard <dev@ibboard.co.uk>
# Date 1550005491 0
# Node ID 893391e42d94b498038b772a27b9bcfd42791bff
# Parent  8fa6623f1e5fb69be72afed47ef35b53e5d0df2f
Update logwatch fail2ban handling for v0.10 log changes

 * Ignore "Flush tickets"
 * Tighten regex so "[rule] Restore Ban" doesn't become separate
   "rule] Restore"

diff -r 8fa6623f1e5f -r 893391e42d94 common/logwatch/services-fail2ban
--- a/common/logwatch/services-fail2ban	Sun Feb 10 19:30:34 2019 +0000
+++ b/common/logwatch/services-fail2ban	Tue Feb 12 21:04:51 2019 +0000
@@ -2,6 +2,9 @@
 # $Id: fail2ban 226 2014-09-09 11:07:27Z stefjakobs $
 ##########################################################################
 # $Log: fail2ban,v $
+# Revision 1.5b - IBBoard
+# Patched up to cover fail2ban 0.10
+#
 # Revision 1.5a - IBBoard
 # Patched up to what we see on CentOS 6 w/fail2ban-0.9.2
 #
@@ -89,7 +92,7 @@
 	if ( $Debug >= 6 ) {
 	    print STDERR "DEBUG($DebugCounter): line ignored\n";
 	}
-    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
+    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(?:Restore )?(Ban|Unban)[^\.]* (\S+)/)) {
 	if ( $Debug >= 6 ) {
 	    print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
 	}
@@ -115,6 +118,8 @@
 	    $ReInitializations++;
     } elsif ($ThisLine =~ /..,... WARNING:  is not a valid IP address/) {
 	# just ignore - this will be fixed within fail2ban and is harmless warning
+    } elsif ($ThisLine =~ /Flush ticket\(s\)/) {
+        # just ignore - this is fail2ban 0.10 doing a quick shutdown/restart
     }
     else
     {