From: George W. <ge...@gr...> - 2023-12-09 21:51:26
Howdy,

I am developing a custom fail2ban filter for a daemon that logs to syslog. I am using Debian 12, so syslog is handled by systemd. If I dump a syslog facility to a file:

    # journalctl --facility=mail --output=short-full --no-tail >test.log

and then test my filter with

    # fail2ban-regex test.log myfilter.conf

Then it seems to work well. At least it seems to match the correct lines.

But of course I don't want to dump the journal to a file. So how can I tell fail2ban to look into the syslog when it is handled by systemd?

I know that if a daemon logs directly to systemd, then you can do this:

    backend = systemd
    journalmatch = _SYSTEMD_UNIT=mydaemon.service

But this daemon logs to syslog, so that does not work. As a guess, I tried changing that to

    journalmatch = _SYSTEMD_FACILIY=mail

but of course that was a bad guess.

Can you tell me how to tell fail2ban which syslog facility to follow?

Thanks,
--George