From: Cyril J. <cyr...@bl...> - 2005-12-17 13:25:19
|
Hi, If I refer to the first e-mail you send me, I notice that the name of the month changed. Before: data=3DDez 1 08:04:19 fmt=3D%b %d %H:%M:%S After: data=3DDec 11 04:02:00 fmt=3D%b %d %H:%M:%S You now have a "Dec" for December. Did you change something related to locale on your system? With the CVS HEAD version, the locale are set using your system default. So here, Fail2ban probably wait for "Dez" (Dezembro) which should be correct for "pt_BR". Could you try to set the environnement variable LC_ALL to "en_US", "C" and "POSIX"? # LC_ALL=3D"en_US" fail2ban -vv I cc'ed this e-mail to the mailing-list. It is an interesting issue to discuss ;) So please do not forget to reply to the list too. Thank you Cyril Fernando Jos=E9 wrote: > Hi again Cyril, i tested the CVS version of fail2ban, and now fail2ban > its running again.... but... other error has ocurried now, the software > has running ok but its not blocking not at all... in the logs has other > error with the data, the error in fail2ban logs its this: >=20 > 2005-12-17 00:15:25,817 ERROR: Please check the format and your locale > settings. > 2005-12-17 00:15:25,818 ERROR: time data did not match format: data=3D= Dec > 17 00:00:00 fmt=3D%b %d %H:%M:%S > 2005-12-17 00:15:25,819 ERROR: Please check the format and your locale > settings. > 2005-12-17 00:15:49,813 ERROR: time data did not match format: data=3D= Dec > 11 04:02:00 fmt=3D%b %d %H:%M:%S > 2005-12-17 00:15:49,813 ERROR: Please check the format and your locale > settings. > 2005-12-17 00:15:49,814 ERROR: time data did not match format: data=3D= Dec > 17 00:15:48 fmt=3D%b %d %H:%M:%S > 2005-12-17 00:15:49,815 ERROR: Please check the format and your locale > settings. > 2005-12-17 00:15:49,816 ERROR: time data did not match format: data=3D= Dec > 17 00:15:48 fmt=3D%b %d %H:%M:%S > 2005-12-17 00:15:49,816 ERROR: Please check the format and your locale > settings. >=20 > Im using new fail2ban.conf from CVS and i tested too with my original > fail2ban.conf from 0.6.0 version and the error persists, my locale > settings have this: >=20 > LANG=3Dpt_BR > LC_CTYPE=3D"pt_BR" > LC_NUMERIC=3D"pt_BR" > LC_TIME=3D"pt_BR" > LC_COLLATE=3D"pt_BR" > LC_MONETARY=3D"pt_BR" > LC_MESSAGES=3D"pt_BR" > LC_PAPER=3D"pt_BR" > LC_NAME=3D"pt_BR" > LC_ADDRESS=3D"pt_BR" > LC_TELEPHONE=3D"pt_BR" > LC_MEASUREMENT=3D"pt_BR" > LC_IDENTIFICATION=3D"pt_BR" > LC_ALL=3Dpt_BR >=20 > and in my logs have this: >=20 > Dec 16 23:59:59 saturno sshd[30882]: Failed password for myuser from > xxx.xxx.xxx.xxx port 41473 ssh2 > Dec 17 00:00:00 saturno sshd[30882]: Failed password for myuser from > xxx.xxx.xxx.xxx port 41473 ssh2 > Dec 17 00:00:00 saturno sshd(pam_unix)[30882]: 2 more authentication > failures; logname=3D uid=3D0 euid=3D0 tty=3DNODEVssh ruser=3D > rhost=3Dmyhost.mydomain user=3Dmyuser > Dec 17 00:15:48 saturno sshd(pam_unix)[31324]: authentication failure; > logname=3D uid=3D0 euid=3D0 tty=3DNODEVssh ruser=3D rhost=3Dmyhost.mydo= main=20 > user=3Dmyuser > Dec 17 00:15:48 saturno sshd[31324]: Failed password for myuser from > xxx.xxx.xxx.xxx port 43831 ssh2 >=20 > I waiting your return for this message, thanks for your time, and > sorry... i don't have a minimal time to send my logs (messages arquive) > for you, but now its here :) >=20 > PS: in the again i've retired my ips and my users >=20 > Fernando Jos=E9 - Linux User 357026 >=20 >=20 >=20 |
From: Cyril J. <cyr...@bl...> - 2005-12-18 10:20:21
|
I just forward Fernando answer to the list... Hi Cyril, i don't changed nothing im locale, the unique option in locale changed its the LC_ALL to pt_BR following the advice of one of your e-mails.... but i noted my syslog has a mixed dates, for example: I have restarted my syslog and the locale have setting to pt_BR, and in the messages show this: Dec 17 12:18:33 saturno sshd[7711]: Accepted password for suporte from xxx.xxx.xxx.xxx port 1086 ssh2 Dec 17 12:18:34 saturno sshd(pam_unix)[7713]: session opened for user suporte by (uid=3D500) Dez 17 12:18:38 saturno su(pam_unix)[7727]: session opened for user root by suporte(uid=3D500) Dec 17 12:18:51 saturno exiting on signal 15 Dec 17 12:18:52 saturno syslogd 1.4.1: restart. Dez 17 12:18:52 saturno syslog: syslogd startup succeeded Dec 17 12:18:53 saturno kernel: klogd 1.4.1, log source =3D /proc/kmsg started. Dec 17 12:18:53 saturno kernel: Inspecting /boot/System.map-2.4.21-28872c= l Dez 17 12:18:53 saturno syslog: klogd startup succeeded Dec 17 12:18:53 saturno kernel: Loaded 16687 symbols from /boot/System.map-2.4.21-28872cl. Dec 17 12:18:53 saturno kernel: Symbols match kernel version 2.4.21. Dec 17 12:18:53 saturno kernel: Loaded 711 symbols from 29 modules. Dez 17 12:18:51 saturno syslog: syslogd shutdown succeeded note the dates in pt_BR and in en_US mixed, and the syslog continues mixing dates, i have noted some service display dates in syslog in pt_BR and other services in en_US, ssh shows in en_US, i have changed my locales to en_US and fail2ban has started and ban ip again, its normal again, but have problems if my locales stay in en_US??? I leave my system running with locales in en_US. I waiting your return, regards Fernando Jos=E9 |