If you can't get your ssh logs to log somewhere with a year, and if you
can't edit the timestamp protocol from RFC 3164 to RFC 5424, you may be out
of luck.
http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_%2810.5%29
On Tue, Jan 6, 2015 at 1:02 PM, Palvelin Postmaster <[email protected]>
wrote:
> Dear fellow subscribers,
>
> based on the fail2ban-regex output below, I'm guessing fail2ban (0.8.14)
> has a problem with the default syslogd date format in OS X (Yosemite). If
> that's the case, is there a way to make it handle the format, which is
> 'Jan 6 16:50:00'?
>
>
> sh-3.2# fail2ban-regex /var/log/system.log /etc/fail2ban/filter.d/sshd.conf
>
> Running tests
> =============
>
> Use failregex file : /etc/fail2ban/filter.d/sshd.conf
> Use log file : /var/log/system.log
>
> Traceback (most recent call last):
> File "/usr/local/bin/fail2ban-regex", line 445, in <module>
> fail2banRegex.process(test_lines)
> File "/usr/local/bin/fail2ban-regex", line 268, in process
> line_datetimestripped, ret = fail2banRegex.testRegex(line)
> File "/usr/local/bin/fail2ban-regex", line 244, in testRegex
> line, ret = self._filter.processLine(line, checkAllRegex=True)
> File "/usr/share/fail2ban/server/filter.py", line 374, in processLine
> return logLine, self.findFailure(timeLine, logLine, returnRawHost,
> checkAllRegex)
> File "/usr/share/fail2ban/server/filter.py", line 426, in findFailure
> date = self.dateDetector.getUnixTime(timeLine)
> File "/usr/share/fail2ban/server/datedetector.py", line 215, in
> getUnixTime
> date = self.getTime(line)
> File "/usr/share/fail2ban/server/datedetector.py", line 203, in getTime
> date = template.getDate(line)
> File "/usr/share/fail2ban/server/datetemplate.py", line 219, in getDate
> date = list(iso8601.parse_date(value).timetuple())
> File "/usr/share/fail2ban/server/iso8601.py", line 131, in parse_date
> % e)
> server.iso8601.ParseError: Failed to create a valid datetime record due
> to: year is out of range
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
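An added example, not part of the thread and not fail2ban's own code: a year-less RFC 3164 timestamp such as the 'Jan 6 16:50:00' quoted above has to have its year inferred from a reference clock, while an RFC 5424 timestamp carries the year and UTC offset itself. The function names, the one-day slack and all sample timestamps other than 'Jan 6 16:50:00' are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def parse_rfc3164(stamp, now, slack=timedelta(days=1)):
    """Parse 'Mmm d HH:MM:SS' (no year, no zone) relative to `now`.

    Returns a naive datetime assumed to be in the same zone as `now`.
    The newest year that does not place the event more than `slack`
    in the future is chosen, so a 'Dec 31' line read on Jan 1 is
    assigned to the previous year instead of eleven months ahead.
    """
    mon, day, clock = stamp.split()          # split() tolerates 'Jan  6'
    hour, minute, second = (int(part) for part in clock.split(":"))
    for year in (now.year, now.year - 1):
        try:
            candidate = datetime(year, MONTHS[mon], int(day),
                                 hour, minute, second)
        except ValueError:                   # e.g. Feb 29 in a non-leap year
            continue
        if candidate <= now + slack:
            return candidate
    raise ValueError("cannot place %r within a year before %s" % (stamp, now))


def parse_rfc5424(stamp):
    """Parse an RFC 5424 timestamp; year and offset are explicit."""
    # Older datetime.fromisoformat() versions reject a trailing 'Z'.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


if __name__ == "__main__":
    now = datetime(2015, 1, 6, 18, 0, 0)     # constructed reference clock
    print(parse_rfc3164("Jan 6 16:50:00", now))
    # Constructed rollover case: line written just before midnight on Dec 31.
    print(parse_rfc3164("Dec 31 23:59:58", datetime(2015, 1, 1, 0, 0, 5)))
    print(parse_rfc5424("2015-01-06T16:50:00+02:00"))
```

The inferred year is only as reliable as the reference clock and the assumption that the log is read within a year of being written.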