Re: [Fail2ban-users] Fedora 10 + rsyslog + ISO date + fail2ban 0.8.3not working

[Klaus L. <leh...@t-...>]

On Sun, 4 Jan 2009 21:45:32 +0100, Iain Lea wrote:

hi Iain
my advice
1. use snapshot: (it's the newest)
http://www.fail2ban.org/nightly/fail2ban-FAIL2BAN-0_8.tar.bz2
2. it's eays to install, by Yourself ;-)
to do only this: python setup.py install

why:
I don't want to use precompiled packages.

yours klaus



<cit>I have spent the last day trying to get fail2ban 0.8.3 working on:
<cit>
<cit>- Fedora 10 64 bit running on a dual opteron server + 8GB RAM
<cit>- Linux fw1-lan010 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18
11:58:53 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
<cit>- python-2.5.2-1.fc10.x86_64
<cit>- fail2ban-0.8.3-16.fc10.noarch
<cit>
<cit>System is configured to send *.* to /var/log/messages (everything
in 1
<cit>logfile) which is then used in fail2ban config files. 
<cit>
<cit>/etc/rsyslog.conf:
<cit>
<cit># provides --MARK-- message capability
<cit>$ModLoad immark
<cit># provides UDP syslog reception
<cit>$ModLoad imudp
<cit># provides TCP syslog reception
<cit>$ModLoad imtcp
<cit># provides support for local system logging (e.g. via logger
command)
<cit>$ModLoad imuxsock
<cit># provides kernel logging support (previously done by rklogd)
<cit>$ModLoad imklog
<cit># provides GSSAPI syslog reception
<cit>#$ModLoad imgssapi
<cit>
<cit># this MUST be before the $UDPServerRun directive!
<cit>$UDPServerAddress 192.168.10.5
<cit>$UDPServerRun 514
<cit>
<cit>*.*  /var/log/messages
<cit>
<cit>Output format with iso date in /var/log/messages is:
<cit>
<cit>2009-01-04T11:55:19.271930+01:00 fw1-lan010 sshd[9934]: \
<cit>  Failed password for invalid user unitedcolo from \
<cit>  195.70.36.149 port 44542 ssh2
<cit>
<cit>Same config but with old style date in syslog worked fine on
<cit>Fedora 6 and 8 systems.
<cit>
<cit>I have attached various debug info as it just does not work.
<cit>
<cit>Has anyone any tips to try and fix this as I am out of them?
<cit>
<cit>Thanx
<cit>
<cit>Iain
<cit>