Bug 2225378 - logwatch/fail2ban output issue related to "Increase Ban"
Summary: logwatch/fail2ban output issue related to "Increase Ban"
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: logwatch
Version: 8.8
Hardware: All
OS: All
unspecified
low
Target Milestone: rc
: ---
Assignee: Lukáš Nykrýn
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2023-07-25 06:55 UTC by Peter Bieringer
Modified: 2023-07-25 06:56 UTC (History)
0 users

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-163249 0 None None None 2023-07-25 06:56:12 UTC

Description Peter Bieringer 2023-07-25 06:55:09 UTC
Description of problem:
Logwatch/fail2ban is not ignoring "Increase Ban"


Version-Release number of selected component (if applicable):
logwatch-7.4.3-11.el8.noarch

How reproducible:
always

Steps to Reproduce:
1. install logwatch
2. install+configure fail2ban


Actual results:
--------------------- fail2ban-messages Begin ------------------------ 

 
 Banned services with Fail2Ban:                             Bans:Unbans
    postfix:                                                [  4:3  ]
    postfix-ddos:                                           [ 34:29 ]
    postfix-ddos] Increase:                                 [ 27:0  ]
    postfix-extra:                                          [  7:6  ]
    postfix-extra] Increase:                                [  6:0  ]
    postfix-rbl:                                            [  2:2  ]
    postfix-sasl:                                           [  8:8  ]
    postfix-sasl] Increase:                                 [  6:0  ]
    postfix] Increase:                                      [  4:0  ]
 
 **Unmatched Entries**
    Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
 
 ---------------------- fail2ban-messages End ------------------------- 


Expected results:
--------------------- fail2ban-messages Begin ------------------------ 

 Banned services with Fail2Ban:                             Bans:Unbans
    postfix:                                                [  4:3  ]
    postfix-ddos:                                           [ 34:29 ]
    postfix-extra:                                          [  7:6  ]
    postfix-rbl:                                            [  2:2  ]
    postfix-sasl:                                           [  8:8  ]
  
 **Unmatched Entries**
    Jul 24 07:13:30 co1 fail2ban-client[1938414]: OK: 1 Time(s)
 
 ---------------------- fail2ban-messages End ------------------------- 


Additional info:

Fixed by adding an additional ignore-line pattern:

--- /usr/share/logwatch/scripts/services/fail2ban.orig	2023-07-25 08:42:26.839548065 +0200
+++ /usr/share/logwatch/scripts/services/fail2ban	2023-07-25 08:49:24.301927524 +0200
@@ -83,6 +83,7 @@
          ($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
          ($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
          ($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
+         ($ThisLine =~ /Increase Ban/) or
          ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/)
        )
     {
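Review bot: the added `/Increase Ban/` test is unanchored, unlike the neighbouring ignore patterns, which tie their match to a log level (`INFO\s+...`) or to a full message. As written, any fail2ban line that contains the substring "Increase Ban" anywhere is silently dropped from the report, including lines that would otherwise surface under **Unmatched Entries**. The "Actual results" output shows the jail name directly followed by `] Increase`, so the pattern could be tied to that shape, for example `/\[[^\]]+\]\s+Increase Ban\s/`. Separately, ignoring these lines removes the escalation counts from the report entirely (27 for postfix-ddos in the sample); if repeat-offender escalation is worth seeing in the daily summary, consider counting it under the real jail name in its own column rather than discarding it. A short comment above the new line saying which fail2ban message it suppresses would also help the next reader.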

