Timezone in the Logs is missing (fail2ban is not working)

[iBLtz]

Hi,

I am trying to set up Fail2ban (from Letsencrypt image) with Bitwarden. Everything is in place and is almost working.

Fail2ban is not banning because the Logs are without timestamp (if i am correctly analyzing the problem)

2019-08-14 21:23:59,669 fail2ban.datedetector   [351]: HEAVY   try to match time for line: [2019-08-14 19:23:59][bitwarden_rs::error][ERROR] Username or password is incorrect. Try again. IP: 84.46.46.XX. ...
2019-08-14 21:23:59,669 fail2ban.datedetector   [351]: HEAVY     try to match last anchored template #00 ...
2019-08-14 21:23:59,669 fail2ban.datedetector   [351]: Level 6   matched last time template #00
2019-08-14 21:23:59,669 fail2ban.datedetector   [351]: Level 6   got time 1565803439.000000 for '2019-08-14 19:23:59' using template {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
2019-08-14 21:23:59,670 fail2ban.filter         [351]: HEAVY   Ignore line since time 1565803439.0 < 1565810639.6700468 - 1440

because of this, it just Ignore line since time 1565803439.0 < 1565810639.6700468 - 14400

If i copy the line [2019-08-14 19:23:59 UTC][bitwarden_rs::error][ERROR] Username or password is incorrect. Try again. IP: 84.46.46.XX. ... (notice the "UTC" in the timestamp) several time in the bitwarden Logs, fail2ban succeed in banning the IP :)

Anyway to change the time output?

thx!

[iBLtz]

Well I played with it again today. I am living in Germany (UTC+1). if i compensate the findtime from fail2ban, then it is working

workaround :
findtime = desired findtime + 60x60x1 (or 2 if summer) (seconds)

Timezone in the Logs would still be great :)

[dani-garcia]

The log date format is printed here: https://github.com/dani-garcia/bitwarden_rs/blob/master/src/main.rs#L77.

We could add %Z to that format string to print the timezone too. Also I noticed we are using the local timezone, maybe it's better to standarize and force it to always use UTC?

We could also extract that to a config option if there was interest in using weird date formats, but I'm not sure if that would be worth it.

[iBLtz]

I think to print the timezone would %z would be great, because the information is missing and leads to some issues. As a config option not really needed I guess.

When I was printing the date from inside the container, the time was correctly returned. when the log produced some lines, it was the UTC time (my time - 1). Did I configured something wrong?

[Akruidenberg]

Is it possible to update the documentation of the fail2ban page with info to using it with a fail2ban container? I want to use the crazymax container of fail2ban with traefik.
Sadly, I've got iptables-allports error, maybe because I'm using traefik behind it.

[BlackDex]

To change the timezone within the container you can run the container to have a TZ environment variable.
docker run ... -e TZ=Europe/Amsterdam

Or you can pass the hosts timezone by using volumes:
docker run ... -v /etc/timezone:/etc/timezone:ro

Also, fail2ban supports many time formats, and can try to auto guess it.
Also, i use the nginx logs for fail2ban instead of the bitwarden logs.

[DoTheEvo]

just tested a thing

• image: bitwardenrs/server:alpine - ignores TZ env variable set timezone
• image: bitwardenrs/server - time zone set by TZ works fine

[jjlin]

@DoTheEvo I think you need the tzdata package installed in Alpine if you want the TZ env var to work. Could be done, but it adds a few extra MB to the Alpine image, which Alpine users generally want to be minimal. Adding the /etc/timezone:/etc/timezone:ro bind mount in Alpine works fine, though.

[BlackDex]

Also, there now is an option to customize the timestamp if you need too see: https://github.com/dani-garcia/bitwarden_rs/blob/2f3e18caa98271f9273e39e999f55635975091aa/.env.template#L57

[dadatuputi]

Look like this was fixed in f6bd8b3 by adding the tzdata package to the alpine image