Mailing List Archive

No IP address in DAViCal log message to syslog
Hi,

I'm trying to setup fail2ban with DAViCal. So if login fails, the
IP-address of the client who entered the wrong credentials is blocked.
However, when I enter an invalid username/password in the login screen,
DAViCal logs the failure to syslog without IP-address. For fail2ban to
work I really need this.

$ cat syslog
    Aug 26 20:31:58 myserver apache2: DAViCal: Login failure: WARN:
Invalid username or password.
$ sudo dpkg -l | grep davi
ii  davical 1.1.7-1

In the DAViCal wenks filter <https://www.wenks.ch/fabian/fail2ban/> a
<HOST> IP exists. So it could be a config error on my site. I have no
clue however what's causing it.
Maybe you can?

Thanks!
Hansa
Re: No IP address in DAViCal log message to syslog [ In reply to ]
Hello Hansa

First, thank you very much for your detailed report directly to me. This
helped me to improve my fail2ban davical filter, as it also was not
working any more on my end.

On 26.08.2020 21:12, Hansa via Davical-general wrote:
> $ cat syslog
>     Aug 26 20:31:58 myserver apache2: DAViCal: Login failure: WARN:
> Invalid username or password.
> $ sudo dpkg -l | grep davi
> ii  davical 1.1.7-1
>
> In the DAViCal wenks filter <https://www.wenks.ch/fabian/fail2ban/> a
> <HOST> IP exists. So it could be a config error on my site. I have no
> clue however what's causing it.
> Maybe you can?

As mention in the davical.conf for the davical filter I do not use the
syslog file, but the Apache error logfile, which always gives the client IP.

I hope this helps.


Best regards,
Fabian


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: No IP address in DAViCal log message to syslog [ In reply to ]
Hi Hansa,

Logs are generated by Apache, not DAViCal.

Check for a "CustomLog" directive in your vhost configuration. Mine
looks like this one:
> CustomLog ${APACHE_LOG_DIR}/davical.log combined

... where "combined" refers to a "LogFormat" directive in apache2.conf:
> LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

Regards
Julien

Le 26/08/2020 à 21:12, Hansa via Davical-general a écrit :

> Hi,
> I'm trying to setup fail2ban with DAViCal. So if login fails, the > IP-address of the client who
> entered the wrong credentials is blocked. > However, when I enter an invalid username/password in
> the login screen, > DAViCal logs the failure to syslog without IP-address. For fail2ban to > work I
> really need this.
> $ cat syslog
> Aug 26 20:31:58 myserver apache2: DAViCal: Login failure: WARN: > Invalid username or password.
> $ sudo dpkg -l | grep davi
> ii davical 1.1.7-1
> In the DAViCal wenks filter <https://www.wenks.ch/fabian/fail2ban> a > <HOST> IP exists. So it
> could be a config error on my site. I have no > clue however what's causing it.
> Maybe you can?
> Thanks!
> Hansa
>> _______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: No IP address in DAViCal log message to syslog [ In reply to ]
Hi Hansa,

I would be interested if you get it to work with the fail2ban and how
you set it up.

//Kim

On 2020-11-01 09:03, Julien Métairie via Davical-general wrote:
> Hi Hansa,
>
> Logs are generated by Apache, not DAViCal.
>
> Check for a "CustomLog" directive in your vhost configuration. Mine
> looks like this one:
>> CustomLog ${APACHE_LOG_DIR}/davical.log combined
>
> ... where "combined" refers to a "LogFormat" directive in apache2.conf:
>> LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
>> \"%{User-Agent}i\"" combined
>
> Regards
> Julien
>
> Le 26/08/2020 à 21:12, Hansa via Davical-general a écrit :
>
>> Hi,
>> I'm trying to setup fail2ban with DAViCal. So if login fails, the >
>> IP-address of the client who
>> entered the wrong credentials is blocked. > However, when I enter an
>> invalid username/password in
>> the login screen, > DAViCal logs the failure to syslog without
>> IP-address. For fail2ban to > work I
>> really need this.
>> $ cat syslog
>> Aug 26 20:31:58 myserver apache2: DAViCal: Login failure: WARN: >
>> Invalid username or password.
>> $ sudo dpkg -l | grep davi
>> ii  davical 1.1.7-1
>> In the DAViCal wenks filter <https://www.wenks.ch/fabian/fail2ban> a
>> > <HOST> IP exists. So it
>> could be a config error on my site. I have no > clue however what's
>> causing it.
>> Maybe you can?
>> Thanks!
>> Hansa
>>> _______________________________________________
>> Davical-general mailing list
>> Davical-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/davical-general
>
>
> _______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general

--
Vänlig hälsning,
Kim Haverblad
M: 0760046232
--
GnuPG ID: 0x8B75 DF42 EE04 296E


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: No IP address in DAViCal log message to syslog [ In reply to ]
Hi Kim,

Sure!
The problem lay with the php.ini 'error_log' directive on my web server.
It was set to 'error_log = syslog' on my site.
For some reason, the syslog handler doesn't pass the IP address
properly. After commenting out the syslog directive in php.ini and an
apache2 restart, it now logs the IP address properly in the apache2
error log.

Regards,
Hansa

On 01-11-2020 12:20, Kim Haverblad wrote:
> Hi Hansa,
>
> I would be interested if you get it to work with the fail2ban and how
> you set it up.
>
> //Kim
>
> On 2020-11-01 09:03, Julien Métairie via Davical-general wrote:
>> Hi Hansa,
>>
>> Logs are generated by Apache, not DAViCal.
>>
>> Check for a "CustomLog" directive in your vhost configuration. Mine
>> looks like this one:
>>> CustomLog ${APACHE_LOG_DIR}/davical.log combined
>>
>> ... where "combined" refers to a "LogFormat" directive in apache2.conf:
>>> LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
>>> \"%{User-Agent}i\"" combined
>>
>> Regards
>> Julien
>>
>> Le 26/08/2020 à 21:12, Hansa via Davical-general a écrit :
>>
>>> Hi,
>>> I'm trying to setup fail2ban with DAViCal. So if login fails, the >
>>> IP-address of the client who
>>> entered the wrong credentials is blocked. > However, when I enter an
>>> invalid username/password in
>>> the login screen, > DAViCal logs the failure to syslog without
>>> IP-address. For fail2ban to > work I
>>> really need this.
>>> $ cat syslog
>>> Aug 26 20:31:58 myserver apache2: DAViCal: Login failure: WARN: >
>>> Invalid username or password.
>>> $ sudo dpkg -l | grep davi
>>> ii  davical 1.1.7-1
>>> In the DAViCal wenks filter <https://www.wenks.ch/fabian/fail2ban> a
>>> > <HOST> IP exists. So it
>>> could be a config error on my site. I have no > clue however what's
>>> causing it.
>>> Maybe you can?
>>> Thanks!
>>> Hansa
>>>> _______________________________________________
>>> Davical-general mailing list
>>> Davical-general@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/davical-general
>>
>>
>> _______________________________________________
>> Davical-general mailing list
>> Davical-general@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/davical-general
>



_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general