On Fri, Jun 22, 2018 at 09:11:06PM +0200, Ed Schouten wrote:
> Hi Marek,
>
> [ +glebius ]
>
> Thanks for reporting this!
>
> 2018-06-22 18:54 GMT+02:00 Michael Grimm <trash...@ellael.org>:
> >> Failed to parse TIMESTAMP from x.x.x.x: 12403: Jun 22 17:31:38 CEST:
> >> %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/17,
> >> changed state to down
> >
> > Ah, yes! Haven't thought about running syslogd in debugging mode:
> >
> > Failed to parse TIMESTAMP from x.x.x.x: fail2ban.filter [79598]:
> > INFO […]
>
> This is interesting. As fail2ban uses Python's logging framework, I
> managed to reproduce this with the following script:
>
> #!/usr/bin/env python3
> import logging.handlers
> logging.basicConfig(handlers=[
>     logging.handlers.SysLogHandler(
>         '/var/run/log', facility=logging.handlers.SysLogHandler.LOG_LOCAL7)
> ])
> logging.warning('Hi')
>
> This will write the following message to syslogd:
>
> sendto(3,"<188>WARNING:root:Hi\0",21,0,NULL,0) = 21 (0x15)
>
> This message gets rejected by syslogd, due to the change made in
> r326573, which later got adjusted by me and subsequently MFCed:
>
> https://svnweb.freebsd.org/base?view=revision&revision=326573
>
> Gleb, what are your thoughts on the attached patch? It alters syslogd
> to let the 'legacy' RFC 3164 parser also accept messages without a
> timestamp. The time on the syslogd server will be used instead.
>
> Michael, Marek, could you please give this patch a try? Thanks!
>

Hi Ed,

Thank you for the expedited effort. The patch compiles fine and I can confirm that it resolves the issue.

-- 
Marek Zarychta
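The behaviour Ed describes for the patch (accept an RFC 3164 message that carries no timestamp and stamp it with the receiver's time) sketched in Python as an added example. This is not the attached patch or syslogd's code; `parse_rfc3164` and its result fields are hypothetical names, and the second sample datagram is constructed.

```python
import re
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
PRI_RE = re.compile(rb"<(\d{1,3})>")
# RFC 3164 TIMESTAMP: "Mmm dd hh:mm:ss", day space-padded, no year or zone.
TS_RE = re.compile(r"([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) ")


def parse_rfc3164(datagram: bytes, received_at: datetime) -> dict:
    """Parse one legacy syslog datagram; fall back to receiver time."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    rest = datagram[m.end():].rstrip(b"\0\n").decode("utf-8", "replace")

    timestamp, sender_time = received_at, False
    ts = TS_RE.match(rest)
    if ts and ts.group(1) in MONTHS:
        mon, day, hh, mm, ss = ts.groups()
        try:
            # The wire format has no year, so borrow the receiver's.
            timestamp = datetime(received_at.year, MONTHS.index(mon) + 1,
                                 int(day), int(hh), int(mm), int(ss))
            sender_time, rest = True, rest[ts.end():]
        except ValueError:
            pass  # impossible date such as "Feb 30": keep receiver time
    return {
        "facility": pri >> 3,   # 188 >> 3 == 23 (local7)
        "severity": pri & 7,    # 188 & 7  == 4  (warning)
        "timestamp": timestamp,
        "sender_time": sender_time,  # False: time was assigned by the receiver
        "msg": rest,
    }


if __name__ == "__main__":
    now = datetime(2018, 6, 22, 18, 54, 0)  # constructed receive time
    # First datagram is the one quoted in the thread; second is constructed.
    for raw in (b"<188>WARNING:root:Hi\0", b"<13>Jun 22 17:31:38 gw sshd: ok"):
        print(parse_rfc3164(raw, now))
```

Keeping a `sender_time` flag lets later log correlation distinguish events timed by the sender from those timed by the receiving server.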