understanding fail2ban log level #2008

Closed
2 tasks done
Vagrantin opened this issue Dec 27, 2017 · 4 comments

@Vagrantin

Environment:

  • Fail2Ban version (including any possible distribution suffixes): Fail2Ban v0.9.6-2
  • OS, including release name/version: Debian Stretch
  • Fail2Ban installed via OS/distribution mechanisms
  • You have not applied any additional foreign patches to the codebase

The issue:

I don't understand what log level format Fail2ban is expecting; it seems to be both...
Basically, if I set the log level with a numeric value, the config is refused and I get the error message above,
but if I use a string to set the log level (ERROR, WARNING, NOTICE, INFO, DEBUG) everything works properly.
My understanding is that fail2ban supports both formats in the fail2ban.conf file, but this is not what I'm experiencing.

Steps to reproduce

In /etc/fail2ban/fail2ban.conf set loglevel = 1

Expected behavior

I'm expecting to see only the ERROR message showing up in fail2ban.log

Observed behavior

On fail2ban-client reload I got an error message ERROR NOK: ('Invalid log level',)

Any additional information

This is impacting a 3rd party tool (Webmin #742) used to set up fail2ban.
Not 100% sure if it's a fail2ban issue or Debian package maintainer issue...

fail2ban config reader is expecting string #657, not sure if it has an impact here...

Configuration, dump and another helpful excerpts

Any customizations done to /etc/fail2ban/ configuration

This config is not working, see loglevel

# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#

[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = 1

# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#         Only one log target can be specified.
#         If you change logtarget from the default value and you are
#         using logrotate -- also adjust or disable rotation in the
#         corresponding configuration file
#         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
#
logtarget = /var/log/fail2ban.log

# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
#        auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ]  Default: auto
syslogsocket = auto

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock

# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
#         fail2ban server.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid

# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
#         A value of ":memory:" means database is only stored in memory 
#         and data is lost when fail2ban is stopped.
#         A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3

# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400

This config is working properly

# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#

[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = INFO

# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#         Only one log target can be specified.
#         If you change logtarget from the default value and you are
#         using logrotate -- also adjust or disable rotation in the
#         corresponding configuration file
#         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
#
logtarget = /var/log/fail2ban.log

# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
#        auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ]  Default: auto
syslogsocket = auto

# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
#         not remove this file when Fail2ban runs. It will not be possible to
#         communicate with the server afterwards.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock

# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
#         fail2ban server.
# Values: [ FILE ]  Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid

# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
#         A value of ":memory:" means database is only stored in memory 
#         and data is lost when fail2ban is stopped.
#         A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3

# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400

Relevant parts of /var/log/fail2ban.log file:

When loglevel is set to 1

2017-12-27 06:50:02,125 fail2ban.jail           [8231]: INFO    Jail 'libwww-perl' stopped
2017-12-27 06:50:02,630 fail2ban.jail           [8231]: INFO    Jail 'apache-auth' stopped
2017-12-27 06:50:02,957 fail2ban.jail           [8231]: INFO    Jail 'apache-noscript' stopped
2017-12-27 06:50:03,879 fail2ban.jail           [8231]: INFO    Jail 'WebServerScanner' stopped
2017-12-27 06:50:04,344 fail2ban.jail           [8231]: INFO    Jail 'pass2allow-ftp' stopped
2017-12-27 06:50:05,180 fail2ban.jail           [8231]: INFO    Jail 'php-url-fopen' stopped
2017-12-27 06:50:05,183 fail2ban.transmitter    [8231]: WARNING Command ['set', 'loglevel', '1'] has failed. Received ValueError('Invalid log level',)
2017-12-27 06:50:05,186 fail2ban.server         [8231]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2017-12-27 06:50:05,187 fail2ban.jail           [8231]: INFO    Creating new jail 'sshd-ddos'
2017-12-27 06:50:05,188 fail2ban.jail           [8231]: INFO    Jail 'sshd-ddos' uses pyinotify {}
2017-12-27 06:50:05,206 fail2ban.jail           [8231]: INFO    Initiated 'pyinotify' backend
2017-12-27 06:50:05,209 fail2ban.actions        [8231]: INFO    Set banTime = 60000
2017-12-27 06:50:05,210 fail2ban.filter         [8231]: INFO    Set jail log file encoding to UTF-8
2017-12-27 06:50:05,213 fail2ban.filter         [8231]: INFO    Set findtime = 600
2017-12-27 06:50:05,216 fail2ban.filter         [8231]: INFO    Added logfile = /var/log/auth.log

When log level is set to INFO

2017-12-27 06:55:42,222 fail2ban.jail           [8231]: INFO    Jail 'libwww-perl' stopped
2017-12-27 06:55:43,128 fail2ban.jail           [8231]: INFO    Jail 'apache-auth' stopped
2017-12-27 06:55:43,422 fail2ban.jail           [8231]: INFO    Jail 'apache-noscript' stopped
2017-12-27 06:55:44,296 fail2ban.jail           [8231]: INFO    Jail 'WebServerScanner' stopped
2017-12-27 06:55:44,857 fail2ban.jail           [8231]: INFO    Jail 'pass2allow-ftp' stopped
2017-12-27 06:55:45,353 fail2ban.jail           [8231]: INFO    Jail 'php-url-fopen' stopped
2017-12-27 06:55:45,362 fail2ban.server         [8231]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2017-12-27 06:55:45,367 fail2ban.jail           [8231]: INFO    Creating new jail 'sshd-ddos'
2017-12-27 06:55:45,368 fail2ban.jail           [8231]: INFO    Jail 'sshd-ddos' uses pyinotify {}
2017-12-27 06:55:45,386 fail2ban.jail           [8231]: INFO    Initiated 'pyinotify' backend
2017-12-27 06:55:45,391 fail2ban.filter         [8231]: INFO    Set findtime = 600
2017-12-27 06:55:45,396 fail2ban.filter         [8231]: INFO    Added logfile = /var/log/auth.log

Thanks for any input

Kind regards
Matth

@sebres
Contributor

sebres commented Dec 27, 2017

Since v0.10 you can use both forms of log level (so numeric also).
BTW, a value of 1 would thereby be a very-heavy-debug level.
For the corresponding numeric values, see Logging Levels in the Python documentation.

Duplicate of #1968

@sebres sebres closed this as completed Dec 27, 2017
@Vagrantin
Author

@sebres ,
Just to clarify how things are done in terms of setting the log level.
My understanding is:

< 0.8.x : set log level using numeric only
0.9.x : set log level using string only
> 0.10 : Set log level with both numeric and string 

Am I right with this statement?

Thanks for the clarifications
Matth

@sebres
Contributor

sebres commented Dec 28, 2017

< 0.8.x : set log level using numeric only

It does indeed look so, but according to the code it was another "numeric" [0..3].
Now the numeric values are the same values that python-logging expects.

@Vagrantin
Author

OK, then it would be summarized like this:

< 0.8.x : set log level using numeric only [ 0...3]
0.9.x : set log level using string only
> 0.10 : Set log level with both numeric and string (python log level)

Source:
< 0.8.x
https://github.com/fail2ban/fail2ban/blob/0.8/server/server.py#L321
0.9.x
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/client/fail2banreader.py
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/server/server.py#L#316
> 0.10
#1968
https://github.com/fail2ban/fail2ban/blob/0.9/fail2ban/server/server.py#L#529

Matth
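
Added example (not part of the original thread, and not fail2ban's own code): a Python check that applies the per-series rules summarized above to a fail2ban.conf and picks the refused `set loglevel` command out of fail2ban.log. The function names and the series labels `0.8`, `0.9` and `0.10` are assumptions made for this example; the sample inputs are the config value and a log line quoted from this issue.

```python
import configparser
import logging
import re

# Level names listed in the fail2ban.conf comments quoted in this issue.
LEVEL_NAMES = {"CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"}
# Failure line format taken from the fail2ban.log excerpt in this issue.
SET_FAILED = re.compile(r"Command \['set', 'loglevel', '([^']*)'\] has failed")


def check_loglevel(conf_text, series):
    """Classify [Definition] loglevel for series '0.8', '0.9' or '0.10'; returns (status, detail)."""
    # Per-series rules follow the summary in this thread (an assumption, not the fail2ban source).
    cp = configparser.RawConfigParser(inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    value = cp.get("Definition", "loglevel", fallback="").strip()
    is_name = value.upper() in LEVEL_NAMES
    if not is_name and not value.isdecimal():
        return ("rejected", "not a level name or number: %r" % value)
    if series == "0.8":  # numeric only, range 0..3
        ok = not is_name and int(value) <= 3
        return ("ok", value) if ok else ("rejected", "0.8.x expects 0..3")
    if series == "0.9":  # level names only
        return ("ok", value.upper()) if is_name else (
            "rejected", "0.9.x expects a level name")
    if is_name:  # 0.10: level names or Python logging numbers
        return ("ok", value.upper())
    n = int(value)
    if n < logging.DEBUG:  # accepted, but more output than DEBUG, not ERROR-only
        return ("verbose", "%d is below DEBUG (%d)" % (n, logging.DEBUG))
    return ("ok", logging.getLevelName(n))


def rejected_loglevels(log_lines):
    """Return the loglevel values the daemon refused, as recorded in fail2ban.log."""
    return [m.group(1) for m in map(SET_FAILED.search, log_lines) if m]


# Sample inputs: the config value and log lines quoted from this issue.
SAMPLE_CONF = "[Definition]\nloglevel = 1\nlogtarget = /var/log/fail2ban.log\n"
SAMPLE_LOG = [
    "2017-12-27 06:50:05,183 fail2ban.transmitter    [8231]: WARNING Command "
    "['set', 'loglevel', '1'] has failed. Received ValueError('Invalid log level',)",
]

if __name__ == "__main__":
    for series in ("0.8", "0.9", "0.10"):
        print(series, check_loglevel(SAMPLE_CONF, series))
    print("refused by daemon:", rejected_loglevels(SAMPLE_LOG))
```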
