when i start fail2ban it gives me error-messages
complaining
"2006-03-24 10:54:51,022 ERROR: time data did not match
format: data=Mar 21 10:00:50 fmt=%b %d %H:%M:%S
2006-03-24 10:54:51,024 ERROR: Please check the format
and your locale settings."
even though that this scheme applies to my system:
/var/log/messages:
"Mar 24 10:10:42 localhost sshd[10775]: Connection
closed by ::ffff:XX.X.X.XXX"
timeregex and timepattern are default:
"timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
"timepattern = %%b %%d %%H:%%M:%%S"
distribution is suse 9.2, fail2ban was compiled with
python 2.3+
Logged In: YES
user_id=933467
Could you post the output of the "locale" command?
Thank you
Logged In: NO
LANG=de_DE.UTF-8
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=
--this is the output from sue10 on which i encountered the
same problems - UTF8, german
Logged In: NO
LANG=de_DE.UTF-8
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=
--this is the output from sue10 on which i encountered the
same problems - UTF8, german
Logged In: NO
Same error here with German Debian (Sid)
[~ #] locale
LANG=de_DE.UTF-8
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=
Logged In: NO
Same here :
2006-04-03 19:49:17,307 ERROR: Please check the format and
your locale settings.
2006-04-03 19:49:17,308 ERROR: time data did not match
format: data=Apr 3 19:49:01 fmt=%b %d %H:%M:%S
LANG=fr_FR.UTF-8
LC_CTYPE=fr_FR.UTF-8
LC_NUMERIC=fr_FR.UTF-8
LC_TIME=fr_FR.UTF-8
LC_COLLATE=fr_FR.UTF-8
LC_MONETARY=fr_FR.UTF-8
LC_MESSAGES=fr_FR.UTF-8
LC_PAPER=fr_FR.UTF-8
LC_NAME=fr_FR.UTF-8
LC_ADDRESS=fr_FR.UTF-8
LC_TELEPHONE=fr_FR.UTF-8
LC_MEASUREMENT=fr_FR.UTF-8
LC_IDENTIFICATION=fr_FR.UTF-8
LC_ALL=
Python 2.4.1
Logged In: YES
user_id=675287
Same for me. But there's one thing that come to my mind.
During March the abbreviation of that month was 'Mar' either
in French or in English. Now we're in April and the french
abbrev is not Apr but Avr. My syslog-ng writes lines like
this ones in /var/log/messages:
Apr 12 16:45:32 marge sshd[20849]: Accepted publickey for
root from 192.168.0.2 port 2265 ssh2
As you can see this is the English abbrev even if all my
locales are in french:
marge log # locale
LANG=fr_FR@euro
LC_CTYPE="fr_FR@euro"
LC_NUMERIC="fr_FR@euro"
LC_TIME="fr_FR@euro"
LC_COLLATE="fr_FR@euro"
LC_MONETARY="fr_FR@euro"
LC_MESSAGES="fr_FR@euro"
LC_PAPER="fr_FR@euro"
LC_NAME="fr_FR@euro"
LC_ADDRESS="fr_FR@euro"
LC_TELEPHONE="fr_FR@euro"
LC_MEASUREMENT="fr_FR@euro"
LC_IDENTIFICATION="fr_FR@euro"
LC_ALL=fr_FR@euro
As is is written in the fail2ban.conf file, the %b refers to
the locale's abbreviated month name (as described in
http://rgruet.free.fr/PQR2.3.html#timeModule\). Unfortunately
it seems that syslog-ng writes the month in English
whatever the locales are.
Hth.
Christophe Garault
Logged In: YES
user_id=675287
It looks like using tai64n format solved the problem.
Logged In: NO
The same at FC3, Polish locale set.
[root@link ~]# locale
LANG=pl_PL
LC_CTYPE="pl_PL"
LC_NUMERIC="pl_PL"
LC_TIME="pl_PL"
LC_COLLATE="pl_PL"
LC_MONETARY="pl_PL"
LC_MESSAGES="pl_PL"
LC_PAPER="pl_PL"
LC_NAME="pl_PL"
LC_ADDRESS="pl_PL"
LC_TELEPHONE="pl_PL"
LC_MEASUREMENT="pl_PL"
LC_IDENTIFICATION="pl_PL"
LC_ALL=
[root@link ~]#
Logged In: NO
I noticed this problem on Debian Linux since May 1. While
logged in as root via ssh, locale returns:
LANG=de_DE@euro
LC_CTYPE="de_DE@euro"
LC_NUMERIC="de_DE@euro"
LC_TIME="de_DE@euro"
LC_COLLATE="de_DE@euro"
LC_MONETARY="de_DE@euro"
LC_MESSAGES="de_DE@euro"
LC_PAPER="de_DE@euro"
LC_NAME="de_DE@euro"
LC_ADDRESS="de_DE@euro"
LC_TELEPHONE="de_DE@euro"
LC_MEASUREMENT="de_DE@euro"
LC_IDENTIFICATION="de_DE@euro"
LC_ALL=
After restarting fail2ban with
LANG= /etc/init.d/fail2ban restart
the error message was gone. So probably the trouble was
triggered by manual (re)start of fail2ban.
Logged In: YES
user_id=933467
This is not fixed in Subversion repository yet.
For those who have this one, please try:
LANG=en_US /etc/init.d/fail2ban restart
Logged In: NO
Same for norwegian no_NO settings.
LANG=no_NO.UTF-8
LC_CTYPE="no_NO.UTF-8"
LC_NUMERIC="no_NO.UTF-8"
LC_TIME="no_NO.UTF-8"
LC_COLLATE="no_NO.UTF-8"
LC_MONETARY="no_NO.UTF-8"
LC_MESSAGES="no_NO.UTF-8"
LC_PAPER="no_NO.UTF-8"
LC_NAME="no_NO.UTF-8"
LC_ADDRESS="no_NO.UTF-8"
LC_TELEPHONE="no_NO.UTF-8"
LC_MEASUREMENT="no_NO.UTF-8"
LC_IDENTIFICATION="no_NO.UTF-8"
LC_ALL=
"LANG= /etc/init.d/fail2ban restart" works though.
You can also edit the script /etc/init.d/fail2ban and add
LANG= after SCRIPTNAME= so it looks like this:
----
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="authentication failure monitor"
NAME=fail2ban
DAEMON=/usr/bin/$NAME
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
LANG=
# Exit if the package is not installed
-----
I found that editing the startup script was the best,
because then I don't have to manually restart it after
rebooting.
It will only occur in months that are spellt different
from english, and that will only be a few months when
using three letters for months.
Logged In: YES
user_id=487166
I can not correct this problem. My locale is as follows:
LANG=tr_TR.UTF-8
LC_CTYPE=tr_TR.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_TIME=tr_TR.UTF-8
LC_COLLATE=tr_TR.UTF-8
LC_MONETARY=en_US.UTF-8
LC_MESSAGES=tr_TR.UTF-8
LC_PAPER=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
LC_ALL=
Neither "LANG=en_US /etc/init.d/fail2ban restart" nor
modifying the /etc/init.d/fail2ban script coorects the
problem. I even tried "LANG=en_US.UTF-8
/etc/init.d/fail2ban restart", it did not work either.
Any input is welcome!
hakova
Logged In: NO
Same for french fr_FR settings.
...
But I opened /usr/bin/fail2ban and there was these lines :
# Set the locale with the user's default setting
try:
locale.setlocale(locale.LC_ALL, '')
except Exception:
print "Unable to set locale to " + `locale.getdefaultlocale()`
sys.exit(-1)
I cut off these line ...
I launch /etc/init.d/fail2ban restart
And no : Please check the format and your locale settings.
This is an idea ?
Logged In: YES
user_id=933467
Originator: NO
Could you post the output of "locale"? Are the date in your log files displayed using fr_FR or any other locale? Is there a mix of several locales in your log files?
Thank you
Logged In: NO
Same for finish fi_FI settings
LANG=fi_FI.UTF-8
LC_CTYPE="fi_FI.UTF-8"
LC_NUMERIC="fi_FI.UTF-8"
LC_TIME="fi_FI.UTF-8"
LC_COLLATE="fi_FI.UTF-8"
LC_MONETARY="fi_FI.UTF-8"
LC_MESSAGES="fi_FI.UTF-8"
LC_PAPER="fi_FI.UTF-8"
LC_NAME="fi_FI.UTF-8"
LC_ADDRESS="fi_FI.UTF-8"
LC_TELEPHONE="fi_FI.UTF-8"
LC_MEASUREMENT="fi_FI.UTF-8"
LC_IDENTIFICATION="fi_FI.UTF-8"
LC_ALL=
Logged In: YES
user_id=933467
Originator: NO
Please try 0.6.2 and set the value of "locale" in fail2ban.conf to "C", "en_US" or "POSIX". You can use "locale -a" to see which locales are available on your system.
# Option: locale
# Notes.: global (cannot be redefined per section) locale to use for
# timestamp pattern matching by changing LC_TIME for
# fail2ban process. Empty entry sets locale to default one
# (usually specified by LC_ALL environment variable).
# Values: LOCALE Default:
#
locale =
Thank you
Logged In: YES
user_id=933467
Originator: NO
I close this bug as this should be fixed in 0.6.2. If not, please reopen.
problem with proftpd.conf and Russian locale
parse problem
Found a match for ' my_host proftpd[5391] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.
' but no valid date/time found for 'Окт 03 14:13:08'. Please contact the author in order to get support for this format
Found a match for ' my_host proftpd[5392] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.
' but no valid date/time found for 'Окт 03 14:13:09'. Please contact the author in order to get support for this format
Found a match for ' my_host proftpd[5393] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.
' but no valid date/time found for 'Окт 03 14:13:35'. Please contact the author in order to get support for this format
Original log file:
Окт 03 14:13:08 my_host proftpd[5391] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.
Окт 03 14:13:09 my_host proftpd[5392] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.
Окт 03 14:13:35 my_host proftpd[5393] 127.0.0.1 (111.222.333.444[111.222.333.444]): SECURITY VIOLATION: root login attempted.