On Tue, 8 Mar 2016, Yaroslav Halchenko wrote:
> On Tue, 08 Mar 2016, Igor wrote:
>
>> Sorry, I am not sure if this had been discussed before. I did a quick
>> search in the archives, but didn't see it.
>
>> I am suggesting that each filter file that is distributed with fail2ban
>> should contain one or more sample line(s) for each of the regex lines.
>
>> Here is the rationale behind this suggestion:
>> 1. For people who are installing and configuring the package, it would
>> allow seeing which lines those regexes are designed for.
>> This would significantly simplify life for many people, and especially for
>> those who are not as versatile with the complex regex syntax.
>> But even for those who can easily read regex, it would save time and
>> guess-work.
>
>> 2. For those people who might have (slightly) different logfile lines (for
>> whatever reason), it would make it easier to adjust the filter's regexes
>> for their needs.
>> (It's easy to compare your line to that for which the regex is written,
>> rather than starting writing the regex from scratch or trying
>> to reconstruct the original "offending" line.)
>
>> 3. This is in the spirit of test-driven software development.
>> (The source tree of fail2ban tells me that fail2ban follows that.)
>
>> While in the simplest case, these "sample" lines would be
>> commented out, one might be willing to make one additional step:
>> Have a special variable (or a list/sequence), say
>> sampleline = ['line1', 'line2', 'line3']
>> During the regular running as a server, fail2ban would not use it.
>> But one can write a test module that would be helpful for further
>> development of the core of the package (making sure that changes
>> to the code wouldn't break the existing filters).
>> This latter part might be already there, sorry, I didn't dig into the
>> source code.
>
>> I wonder what the development team thinks about this.
>
> not sure if we would insert those samples into config files since simply
> they wouldn't suffice. But for each filter file we already have files
> with sample lines and expected behaviors (match or not, what is the IP,
> date, etc) under
>
> fail2ban/tests/files/logs
> --

Yaroslav,

Thank you for the pointer to where the samples are.

I am using fail2ban on FreeBSD. The way the package is installed (from the prebuilt "packages", not from sources) does not include the "tests" directory. So, I can see it only in the source tree on github.com. So, for a person who administers a server, it is hard to locate these samples (or even to be aware of their existence).

I don't know if that is specific to how it is packaged by the FreeBSD ports system, or if it is done in a similar way on Linux. My first reaction was: if it is specific to FreeBSD, I can try to contact the port maintainer and propose the changes on that end. But I suspect it might be similar for other OSes. So, then maybe there should be a directory "tests" installed at the same level as filter.d, action.d, jail.d.

But having looked at the details of those example files, I realized that for some of them it is still very difficult to match which regex is for which sample log entry (see, e.g. filter.d/sshd.conf and the corresponding log sample file). I suspect that the numbers (#1, #2, etc.) are referring to the particular lines of the combined regex in the filter file, but it is still somewhat hard to match visually.

Best regards,
Igor
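
Added example (not part of the original message, and not fail2ban's own test code): a small checker that pairs numbered failregex lines with sample log lines and reports which regex matched each sample and which regexes no sample exercises. The regexes and log lines are constructed for illustration, and the `<HOST>` expansion is a simplified assumption (IPv4 address or hostname only).

```python
import re

# Constructed stand-in for a filter's failregex lines (not from a shipped filter.d file).
FAILREGEX = [
    r"^Failed password for .* from <HOST> port \d+",
    r"^Invalid user \S+ from <HOST>$",
    r"^Connection closed by <HOST> \[preauth\]$",
]

# Constructed sample messages (timestamp and daemon prefix already stripped).
SAMPLES = [
    "Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Invalid user admin from 198.51.100.7",
    "Accepted publickey for igor from 203.0.113.5 port 5022 ssh2",  # must not match
]

# Assumption: simplified replacement for the <HOST> tag (IPv4 or hostname only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[\w.-]+)"


def compile_failregex(lines):
    """Expand <HOST> in each failregex line and compile it."""
    return [re.compile(line.replace("<HOST>", HOST)) for line in lines]


def map_samples(failregex, samples):
    """Return ({sample: [(regex_no, host), ...]}, [regex numbers with no sample])."""
    compiled = compile_failregex(failregex)
    hits, used = {}, set()
    for sample in samples:
        hits[sample] = []
        for number, regex in enumerate(compiled, start=1):
            match = regex.search(sample)
            if match:
                hits[sample].append((number, match.group("host")))
                used.add(number)
    unused = [n for n in range(1, len(compiled) + 1) if n not in used]
    return hits, unused


if __name__ == "__main__":
    hits, unused = map_samples(FAILREGEX, SAMPLES)
    for sample, matched in hits.items():
        label = ", ".join(f"#{n} host={h}" for n, h in matched) or "no match"
        print(f"{label:28} <- {sample}")
    print("failregex lines without a sample:", unused)
```
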
