From: <seb...@de...> - 2023-11-13 18:07:40

Good evening

fail2ban's standard customizing assumes the existence of log files /var/log/mail.log or /var/log/access.log.

With debian 12, these log files are no longer available in the standard customizing - everything runs via journalctl.

Do any of you have a tutorial about “fail2ban with journalctl”?

greetings & thanks
Sebastian

From: Tim B. <ti...@bo...> - 2023-11-14 09:28:44

Hello!

On Monday, 13.11.2023 at 18:48 +0100, seb...@de... wrote:
>
> With debian 12, these log files are no longer available in the
> standard customizing - everything runs via journalctl.

Logging output can usually be customized in the configuration files of the daemon. Which SMTP server are you running?

My servers are mostly running postfix in Debian/bookworm which logs to /var/log/mail.log out of the box. My Debian notebook HAS auth.log despite there being no ssh service running.

Are you on stable, testing, unstable?

Cheers & see you soon,
tim

--
Q: Which event took its course on 06.12.1933 in Berlin?
A: St. Nicholas

From: Darac M. <mai...@da...> - 2023-11-15 14:20:46

On 13/11/2023 17:48, seb...@de... wrote:
> Good evening
>
> fail2ban's standard customizing assumes the existence of log files
> /var/log/mail.log or /var/log/access.log.
>
> With debian 12, these log files are no longer available in the
> standard customizing - everything runs via journalctl.

Note that, while this is strictly true (the /default/ is not to install a syslog daemon), such a default should not be interpreted by the Debian developers as a deprecation of the standard syslog protocol. From the Debian Release notes <https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#changes-to-system-logging>:

> The |rsyslog| package is no longer needed on most systems and you may
> be able to remove it.
>
> Many programs produce log messages to inform the user of what they are
> doing. These messages can be managed by systemd's “journal” or by a
> “syslog daemon” such as |rsyslog|.

So, the implication here is that "journalctl" has become good enough for most uses, but every system is different. Some people want a graphical frontend, some don't; some want a web browser, some don't; some people want to use fail2ban, some people want to use crowdsec, some people are fine with a static firewall config. These are all valid choices.

Note that, in Debian, fail2ban already "suggests" the "system-log-daemon" virtual package. This means that you (as the system administrator) can add any of the valid syslog daemons if you want to make use of that functionality.

> Do any of you have a tutorial about “fail2ban with journalctl”?
>
> greetings & thanks
> Sebastian
>
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users