On Mon, 27 May 2024 15:08:38 +0100, Simon McVittie <s...@debian.org> wrote:
>I know fail2ban and logcheck do read plain-text logs (although as
>mentioned, fail2ban already has native Journal-reading support too), and I
>would guess that fwlogwatch, snort and xwatch probably also read the logs.

Those files could alternatively use journal-brief, which also nicely
handles the issue of having a "cursor". With journal-brief a package
could explicitly ask for all log entries since the last run without
having to implement their own method.

Greetings
Marc
-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mail address in header
Rhein-Neckar, DE   |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402