logwatch not up to date with fail2ban on bionic
Bug #1795124 reported by
David Gräfrath
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
logwatch (Ubuntu) |
Triaged
|
Medium
|
Unassigned |
Bug Description
In fail2ban 0.10.2-2, the version that comes with Ubuntu 18.04, the log format for found (and ignored) hosts has changed. It now logs the date after the IP address like so: `INFO [sshd] Found 1.2.3.4 - 2018-09-29 10:33:54`. When logwatch parses this, it interprets everything after `Found ` as IP address, resulting in a long list of entries in the logwatch report.
affects: | fail2ban (Ubuntu) → logwatch (Ubuntu) |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better.
This sounds like a valid bug, but will need a volunteer to drive to get it fixed. Some open questions: is this fixed in logwatch upstream? What's the patch we need to land in logwatch to fix the parsing?