Fix Dropbear filter when logging to STDOUT #3597
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since Debian Bookworm, the distribution ships Dropbear with a native systemd service instead of the default upstream init.d service, and accordingly use the
-F
and-E
flags, to run it in foreground and have it logging to STDOUT instead of syslog.As usual, timestamps and also the PID are now included by the log message emitted by Dropbear, in addition to the systemd journal log prefix.
The Dropbear filter hence does not match anymore. This commit adds the PID and timestamp as optional pattern between prefix and fail log text, to support Dropbear on Debian Bookworm and newer (and likely new versions of other distros) without breaking the old pattern when running Dropbear without
-E
flag.Before submitting your PR, please review the following checklist:
against certain release version, choose
0.9
,0.10
or0.11
branch,for dev-edition use
master
branchfailregex
for filterX
with sample log lineswithin
fail2ban/tests/files/logs/X
fileI can add a line to https://github.com/fail2ban/fail2ban/blob/master/fail2ban/tests/files/logs/dropbear, but is there a way to get this
failJSON
?