On 13/11/2023 17:48, seb...@de... wrote:
> Good evening
>
> fail2ban's standard customizing assumes the existence of log files
> /var/log/mail.log or /var/log/access.log.
>
> With debian 12, these log files are no longer available in the
> standard customizing - everything runs via journalctl.
Note that, while this is strictly true (the /default/ is not to install
a syslog daemon), such a default should not be interpreted by the Debian
developers as a deprecation of the standard syslog protocol.
From the Debian Release notes
<https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#changes-to-system-logging>:
> The |rsyslog|package is no longer needed on most systems and you may
> be able to remove it.
>
> Many programs produce log messages to inform the user of what they are
> doing. These messages can be managed by systemd's “journal” or by a
> “syslog daemon” such as |rsyslog|.
>
So, the implication here is that "journalctl" has become good enough
for most uses, but every system is different. Some people want a
graphical frontend, some don't; some want a web browser, some don't;
some people want to use fail2ban, some people want to use crowdsec,
some people are fine with a static firewall config. These are all valid
choices.
Note that, in Debian, fail2ban already "suggests" the
"system-log-daemon" virtual package. This means that you (as the system
administrator) can add any of the valid syslog daemons if you want to
make use of that functionality.
>
> Do any of you have a tutorial about “fail2ban with journalctl”?
>
> greetings & thanks
> Sebastian
>
>
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
|
