Re: [Fail2ban-users] failregex do not match UTF-8 encoded text

Thu, 10 Sep 2015 03:32:00 -0700 


On Thu, 10 Sep 2015, Miroslav Geisselreiter wrote:


This is true but you tested with dots. It works for me too. What is strange: 
I tried:
$ fail2ban-regex 'Sep 9 09:20:57 [ERROR] N/A (intar.cz) from 192.168.1.176: 
Chyba: Spojení s IMAP serverem bylo přerušeno. Query: LOGOUT ' 
'\[ERROR\].*from <HOST>:  Chyba: Spojení s IMAP serverem bylo přerušeno. 
Query: LOGOUT $'
and it works too! But if I check against logfile - my first post (not on one 
command line as above) it does not work:

$ fail2ban-regex /var/log/sqm.log /etc/fail2ban/filter.d/sqm.conf

I attach logfile and filter files for testing purposes.


Thanks. You're right, it looks like a bug, confirmed.

Running

fail2ban-regex -D sqm.log '\[ERROR\].*from <HOST>:  Chyba: Spojení s IMAP 
serverem bylo přerušeno. Query: LOGOUT $'

reveals slightly more insight:

[...]

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 38: 
ordinal not in range(128)


but unfortunately my attempts to find a workaround for this, (based on 
http://stackoverflow.com/questions/2276200/changing-default-encoding-of-python/7892892#7892892), 
like


$ echo "import sys; sys.setdefaultencoding('utf-8')" > sitecustomize.py
$ PYTHONPATH=".:$PYTHONPATH" fail2ban-regex -D sqm.log '\[ERROR\].*from <HOST>: 
 Chyba: Spojení s IMAP serverem bylo přerušeno. Query: LOGOUT $'

doesn't really solve the issue; with it, regexp match seems not to work any 
more.

I'm not sure how much this is a fail2ban issue or a local/CentOS' python 
installed version issue.

Unfortunately, I can't go further now with this. Hope you get it solved!

Best regards,

Iosif Fettich


------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users






















					Reply via email to