logwatch not up to date with fail2ban on bionic

Bug #1795124 reported by David Gräfrath
This bug affects 1 person
Affects: logwatch (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

In fail2ban 0.10.2-2, the version that comes with Ubuntu 18.04, the log format for found (and ignored) hosts has changed. It now logs the date after the IP address like so: `INFO [sshd] Found 1.2.3.4 - 2018-09-29 10:33:54`. When logwatch parses this, it interprets everything after `Found ` as the IP address, resulting in a long list of entries in the logwatch report.
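The parsing failure described above, reproduced as an added example (not code from logwatch or fail2ban, and not part of the report). The greedy pattern is an assumption modelled on the reported behaviour, the log-line prefix and sample lines are constructed, and `count_found` is a hypothetical helper.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not taken from a real system). The first is an
# older layout without a trailing date; the rest use the layout from the report.
SAMPLE = """\
2018-09-29 10:33:50,101 fail2ban.filter [812]: INFO [sshd] Found 1.2.3.4
2018-09-29 10:33:54,220 fail2ban.filter [812]: INFO [sshd] Found 1.2.3.4 - 2018-09-29 10:33:54
2018-09-29 10:34:02,871 fail2ban.filter [812]: INFO [sshd] Found 1.2.3.4 - 2018-09-29 10:34:02
2018-09-29 10:34:09,412 fail2ban.filter [812]: INFO [sshd] Found 2001:db8::7 - 2018-09-29 10:34:09
""".splitlines()

# Assumption: models the behaviour described in the report (everything after
# "Found " becomes the host); this is not the regex from the logwatch script.
GREEDY = re.compile(r"\[(?P<jail>[^\]]+)\] Found (?P<host>.*)$")

# Host is one whitespace-free token; the " - <date> <time>" suffix is optional,
# so both layouts parse to the same key.
TOLERANT = re.compile(
    r"\[(?P<jail>[^\]]+)\] Found (?P<host>\S+)"
    r"(?: - \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})?\s*$"
)

def count_found(lines, pattern, validate=False):
    """Return (Counter of (jail, host), list of lines that were not counted)."""
    hits, rejected = Counter(), []
    for line in lines:
        m = pattern.search(line)
        if not m:
            rejected.append(line)
            continue
        host = m.group("host")
        if validate:
            try:
                # Normalise so equivalent spellings of an address share a key.
                host = str(ipaddress.ip_address(host))
            except ValueError:
                rejected.append(line)  # keep for review instead of dropping
                continue
        hits[(m.group("jail"), host)] += 1
    return hits, rejected

if __name__ == "__main__":
    for name, pat, val in (("greedy", GREEDY, False), ("tolerant", TOLERANT, True)):
        hits, rejected = count_found(SAMPLE, pat, val)
        print(name, dict(hits), "rejected:", len(rejected))
```

With the greedy pattern every timestamp produces its own report entry, so repeated hits from one address never aggregate into a single count; the tolerant pattern groups them per host.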

affects: fail2ban (Ubuntu) → logwatch (Ubuntu)
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

This sounds like a valid bug, but will need a volunteer to drive to get it fixed. Some open questions: is this fixed in logwatch upstream? What's the patch we need to land in logwatch to fix the parsing?

Changed in logwatch (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
David Gräfrath (graefrath) wrote :

Checking the GitHub repo of fail2ban, I can see that a newer version of the logwatch script is available (revision 1.6) at `https://github.com/fail2ban/fail2ban/blob/master/files/logwatch/fail2ban`. Logwatch 7.4.2 comes with the 1.5 revision of said script, which is apparently not equipped to handle the new log messages. So I guess it's not really a bug, more like a version incompatibility.
