Red Hat Bugzilla – Bug 845802
python prepends UTF-8 BOM syslog messages - causes messages to be treated a EMERG level
Last modified: 2016-01-31 21:14:52 EST
Description of problem:
We have fail2ban configured with loglevel = 3, logtarget = SYSLOG; but fail2ban is logging to syslog with kern.emerg priority.
kern.emerg<0>: Aug 1 18:08:44 gate1 ?<28>fail2ban.actions: WARNING [ssh-iptables] Unban 10.228.1.11
Effectively, this means that such messages are logged to all user consoles, due to the default rsyslog config on RHEL6.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install fail2ban and configure for ssh banning
2. Invoke a ban (or wait for an unban)
Message is logged to syslog as an emergency.
Message is logged as info (loglevel 3).
This appears to have been fixed in fail2ban 0.8.7:
> This appears to have been fixed in fail2ban 0.8.7
It looks like the latest in EPEL is 0.8.4(-28). What needs to happen to get this fix backported, or get fail2ban upgraded?
I don't maintain this package for "Fedora proper", only EPEL and I would like not to have EPEL be ahead of Fedora, please file a request for the Fedora package to be updated and I will happily follow suit.
> I don't maintain this package for "Fedora proper", only EPEL and I would
> like not to have EPEL be ahead of Fedora, please file a request for the
> Fedora package to be updated and I will happily follow suit.
Done: bug# 864998
This is actually a python bug that was fixed in python 2.7+. Fix commit which works for python 2.6 is http://hg.python.org/cpython/rev/af46a001d5ec
Created attachment 761960 [details]
SysLogHandler no longer inserts a UTF-8 BOM into the message
*** Bug 970133 has been marked as a duplicate of this bug. ***
Is there an ETA on when an update containing this fix will be released?
(In reply to James Juran from comment #18)
> Is there an ETA on when an update containing this fix will be released?
bugfix for this issue will be part of next RHEL 6 minor release.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.