Bug 2225378

Summary: logwatch/fail2ban output issue related to "Increase Ban"
Product: Red Hat Enterprise Linux 8
Reporter: Peter Bieringer <pb>
Component: logwatch
Assignee: Lukáš Nykrýn <lnykryn>
Status: NEW
QA Contact: qe-baseos-daemons
Severity: low
Priority: unspecified    
Version: 8.8   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Type: Bug

Description Peter Bieringer 2023-07-25 06:55:09 UTC
Description of problem:
Logwatch/fail2ban is not ignoring "Increase Ban"


Version-Release number of selected component (if applicable):
logwatch-7.4.3-11.el8.noarch

How reproducible:
always

Steps to Reproduce:
1. install logwatch
2. install+configure fail2ban


Actual results:
--------------------- fail2ban-messages Begin ------------------------ 

 
 Banned services with Fail2Ban:                             Bans:Unbans
    postfix:                                                [  4:3  ]
    postfix-ddos:                                           [ 34:29 ]
    postfix-ddos] Increase:                                 [ 27:0  ]
    postfix-extra:                                          [  7:6  ]
    postfix-extra] Increase:                                [  6:0  ]
    postfix-rbl:                                            [  2:2  ]
    postfix-sasl:                                           [  8:8  ]
    postfix-sasl] Increase:                                 [  6:0  ]
    postfix] Increase:                                      [  4:0  ]
 
 **Unmatched Entries**
    Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
 
 ---------------------- fail2ban-messages End ------------------------- 


Expected results:
--------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:                             Bans:Unbans
    postfix:                                                [  4:3  ]
    postfix-ddos:                                           [ 34:29 ]
    postfix-extra:                                          [  7:6  ]
    postfix-rbl:                                            [  2:2  ]
    postfix-sasl:                                           [  8:8  ]
  
 **Unmatched Entries**
    Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
 
 ---------------------- fail2ban-messages End ------------------------- 


Additional info:

Fixed by adding an additional ignore-line pattern:

--- /usr/share/logwatch/scripts/services/fail2ban.orig	2023-07-25 08:42:26.839548065 +0200
+++ /usr/share/logwatch/scripts/services/fail2ban	2023-07-25 08:49:24.301927524 +0200
@@ -83,6 +83,7 @@
          ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
          ($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
          ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
+         ($ThisLine =~ /Increase Ban/) or
          ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/)
        )
     {
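
Review bot: the added `/Increase Ban/` test on the `+` line is unanchored, unlike the neighbouring ignore patterns that pin a prefix such as `INFO\s+`, so any log line containing that phrase anywhere in its text is silently dropped from the report. The "Actual results" rows such as `postfix-ddos] Increase:` suggest the message directly follows the bracketed jail name, so consider tying the pattern to that position, for example `($ThisLine =~ /\]\s+Increase Ban\s/) or`. It is also worth deciding whether these lines should be ignored or counted per jail in their own column, since ignoring them hides how often ban time is being escalated for repeat offenders.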