Mercurial > repos > other > Puppet
changeset 192:893391e42d94 puppet-3.6
Update logwatch fail2ban handling for v0.10 log changes
* Ignore "Flush tickets"
* Tighten regex so "[rule] Restore Ban" doesn't become separate
"rule] Restore"
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Tue, 12 Feb 2019 21:04:51 +0000 |
| parents | 8fa6623f1e5f |
| children | 9de3c4d597e9 |
| files | common/logwatch/services-fail2ban |
| diffstat | 1 files changed, 6 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/common/logwatch/services-fail2ban Sun Feb 10 19:30:34 2019 +0000 +++ b/common/logwatch/services-fail2ban Tue Feb 12 21:04:51 2019 +0000 @@ -2,6 +2,9 @@ # $Id: fail2ban 226 2014-09-09 11:07:27Z stefjakobs $ ########################################################################## # $Log: fail2ban,v $ +# Revision 1.5b - IBBoard +# Patched up to cover fail2ban 0.10 +# # Revision 1.5a - IBBoard # Patched up to what we see on CentOS 6 w/fail2ban-0.9.2 # @@ -89,7 +92,7 @@ if ( $Debug >= 6 ) { print STDERR "DEBUG($DebugCounter): line ignored\n"; } - } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) { + } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(?:Restore )?(Ban|Unban)[^\.]* (\S+)/)) { if ( $Debug >= 6 ) { print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n"; } @@ -115,6 +118,8 @@ $ReInitializations++; } elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) { # just ignore - this will be fixed within fail2ban and is harmless warning + } elsif ($ThisLine =~ /Flush ticket\(s\)/) { + # just ignore - this is fail2ban 0.10 doing a quick shutdown/restart } else {