Dang. Would it be sensible to, for example, use syslog to generate a separate log for sshd entries? Like so?

    syslog -w -T ISO8601 | grep sshd >> alt_sshd.log

I wonder how much overhead this would cause? And I guess an appropriate log rotation entry to /etc/newsyslog.conf would also be in order.

> On 6.1.2015, at 20:09, Benjamin Bernier <[email protected]> wrote:
>
> if you can't get your ssh logs to log somewhere with a year, and if you can't
> edit the timestamp protocol from RFC 3164 to RFC 5424, you may be out of luck
>
> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_%2810.5%29
>
> On Tue, Jan 6, 2015 at 1:02 PM, Palvelin Postmaster <[email protected]> wrote:
> Dear fellow subscribers,
>
> based on the fail2ban-regex output below, I'm guessing fail2ban (0.8.14) has
> a problem with the default syslogd date format in OS X (Yosemite). If that's
> the case, is there a way to make it handle the format, which is 'Jan 6 16:50:00'?
>
>
> sh-3.2# fail2ban-regex /var/log/system.log /etc/fail2ban/filter.d/sshd.conf
>
> Running tests
> =============
>
> Use failregex file : /etc/fail2ban/filter.d/sshd.conf
> Use log file : /var/log/system.log
>
> Traceback (most recent call last):
>   File "/usr/local/bin/fail2ban-regex", line 445, in <module>
>     fail2banRegex.process(test_lines)
>   File "/usr/local/bin/fail2ban-regex", line 268, in process
>     line_datetimestripped, ret = fail2banRegex.testRegex(line)
>   File "/usr/local/bin/fail2ban-regex", line 244, in testRegex
>     line, ret = self._filter.processLine(line, checkAllRegex=True)
>   File "/usr/share/fail2ban/server/filter.py", line 374, in processLine
>     return logLine, self.findFailure(timeLine, logLine, returnRawHost, checkAllRegex)
>   File "/usr/share/fail2ban/server/filter.py", line 426, in findFailure
>     date = self.dateDetector.getUnixTime(timeLine)
>   File "/usr/share/fail2ban/server/datedetector.py", line 215, in getUnixTime
>     date = self.getTime(line)
>   File "/usr/share/fail2ban/server/datedetector.py", line 203, in getTime
>     date = template.getDate(line)
>   File "/usr/share/fail2ban/server/datetemplate.py", line 219, in getDate
>     date = list(iso8601.parse_date(value).timetuple())
>   File "/usr/share/fail2ban/server/iso8601.py", line 131, in parse_date
>     % e)
> server.iso8601.ParseError: Failed to create a valid datetime record due to: year is out of range

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
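
An added example, not part of the thread or of fail2ban: one way to give RFC 3164 sshd lines a year before a log scanner reads them, keeping only sshd entries and rewriting 'Mmm dd hh:mm:ss' as an ISO 8601 local timestamp. The names add_year and convert, the host name and the sample lines are made up for illustration, and the year is inferred on the assumption that no entry comes from the future.

```python
import re
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# RFC 3164 header "Mmm dd hh:mm:ss host tag[pid]: msg" (no year, no time zone).
SSHD_LINE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<rest>\S+\s+sshd(?:\[\d+\])?:.*)$")

def add_year(line, now):
    """Return the sshd line with an ISO 8601 local timestamp, else None."""
    hit = SSHD_LINE.match(line.rstrip("\n"))
    if not hit or hit.group("mon") not in MONTHS:
        return None
    # Assumption: entries are never from the future, so a date more than a
    # day ahead of `now` (e.g. "Dec 31" read in January) is from last year.
    for year in (now.year, now.year - 1):
        try:
            ts = datetime(year, MONTHS[hit.group("mon")], int(hit.group("day")),
                          int(hit.group("h")), int(hit.group("m")),
                          int(hit.group("s")))
        except ValueError:          # e.g. "Feb 29" in a non-leap year
            continue
        if ts <= now + timedelta(days=1):
            return "%s %s" % (ts.isoformat(), hit.group("rest"))
    return None

def convert(lines, now):
    """Keep only sshd entries, rewritten with a year-bearing timestamp."""
    return [out for out in (add_year(l, now) for l in lines) if out]

# Constructed sample input (documentation-range addresses, made-up host).
SAMPLE = [
    "Dec 31 23:59:58 myhost sshd[999]: Failed password for root from 192.0.2.11 port 40000 ssh2",
    "Jan  6 16:50:00 myhost sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2",
    "Jan  6 16:50:01 myhost com.apple.xpc.launchd[1]: unrelated entry",
]
NOW = datetime(2015, 1, 6, 20, 0, 0)

if __name__ == "__main__":
    for entry in convert(SAMPLE, NOW):
        print(entry)
```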
