#56 fail2ban (0.8.4), corrupted syslog entry

open
nobody
None
5
2010-09-20
2010-09-20
No

# grep -ir fail2ban /var/log/messages
Sep 20 05:16:06 loghost <28>fail2ban.actions: WARNING [ssh] Ban 78.129.232.126
Sep 20 13:22:41 loghost <28>fail2ban.actions: WARNING [ssh] Ban 93.205.114.146
Sep 20 13:22:41 teg <28>fail2ban.actions: WARNING [ssh] Ban 93.205.114.146
#

"" is, according to http://wikipedia.org/wiki/Byte_Order_Mark, the Byto Order Mark for UTF8, not sure where "<28>" is from.

Discussion

  • Ernesto Baschny

    Ernesto Baschny - 2011-05-23

    I confirm that behaviour. Had to adapt logcheck rule to match this stuff. Started appearing on my Debian Squeeze system:

    fail2ban 0.8.4-3
    python 2.6.6-3+squeeze6

    Maybe its a python bug?

     
  • Mario Witte

    Mario Witte - 2012-01-24

    I already posted this problem in the fail2ban-user mailing list and only now found this thread. Were you able to solve this problem? And how did you manage to adapt the log check rule? I tried changing mine and it works in logcheck-test but not in the "real" process.

     

Log in to post a comment.