Hello,

I'm working with fail2ban-regex (from fail2ban-0.8.4-23.el5 RPM from the Fedora EPEL repo), on 2.6.18-274.7.1.el5 #1 SMP x86_64 GNU/Linux Red Hat Enterprise Linux Server release 5.7 running Python 2.4.3.

I'm trying to get it to detect a hit in a log, and am encountering what looks like a bug related to detecting the date in the log.

$ fail2ban-regex '01-27-2012 16:22:44.252 FTP [10.70.24.117]' 'FTP \[<HOST>\]'

Running tests
=============

Use regex line : FTP \[<HOST>\]
Use single line: 01-27-2012 16:22:44.252 FTP [10.70.24.117]

Traceback (most recent call last):
  File "/usr/bin/fail2ban-regex", line 385, in ?
    fail2banRegex.testRegex(sys.argv[1])
  File "/usr/bin/fail2ban-regex", line 225, in testRegex
    ret = self.__filter.processLine(line)
  File "/usr/share/fail2ban/server/filter.py", line 265, in processLine
    return self.findFailure(timeLine, logLine)
  File "/usr/share/fail2ban/server/filter.py", line 311, in findFailure
    date = self.dateDetector.getUnixTime(timeLine)
  File "/usr/share/fail2ban/server/datedetector.py", line 161, in getUnixTime
    date = self.getTime(line)
  File "/usr/share/fail2ban/server/datedetector.py", line 150, in getTime
    date = template.getDate(line)
  File "/usr/share/fail2ban/server/datetemplate.py", line 140, in getDate
    date = list(time.strptime(conv, pattern))
  File "/usr/lib64/python2.4/_strptime.py", line 287, in strptime
    format_regex = time_re.compile(format)
  File "/usr/lib64/python2.4/_strptime.py", line 264, in compile
    return re_compile(self.pattern(format), IGNORECASE)
  File "/usr/lib64/python2.4/sre.py", line 180, in compile
    return _compile(pattern, flags)
  File "/usr/lib64/python2.4/sre.py", line 227, in _compile
    raise error, v # invalid expression
sre_constants.error: redefinition of group name 'Y' as group 7; was group 3
$


Any advice?

Thanks!
_____________________________________________________________________________________________________
John Delisle | Sr Technical Analyst | Ceridian Canada Ltd. | ceridian.ca
400 – 125 Garry Street | Winnipeg, MB R3C 3P2 | p: 204-975-5909 | john_delisle@ceridian.ca

 

This communication is intended to be received only by the individual[s] or entity[s] to whom or to which it is addressed, and contains information which is confidential, privileged and subject to copyright. Any unauthorized use, copying, review or disclosure is prohibited. Please notify the sender immediately if you have received this communication in error [by calling collect, if necessary] so that we can arrange for its return at our expense. Thank you in advance for your anticipated assistance and cooperation.

 

 

Cette communication est destinée uniquement à la personne ou à la personne morale à qui elle est adressée. Elle contient de l’information confidentielle, protégée par le secret professionnel et sujette à des droits d'auteurs. Toute utilisation, reproduction, consultation ou divulgation non autorisées sont interdites. Nous vous prions d’aviser immédiatement l’expéditeur si vous avez reçu cette communication par erreur (en appelant à frais virés, si nécessaire), afin que nous puissions prendre des dispositions pour en assurer le renvoi à nos frais. Nous vous remercions à l’avance de votre coopération.