On 13/11/2023 17:48, sebast...@debianfan.de wrote:
Good eveningfail2ban's standard customizing assumes the existence of log files /var/log/mail.log or /var/log/access.log.With debian 12, these log files are no longer available in the standard customizing - everything runs via journalctl.
Note that, while this is strictly true (the /default/ is not to install a syslog daemon), such a default should not be interpreted by the Debian developers as a deprecation of the standard syslog protocol.
From the Debian Release notes <https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#changes-to-system-logging>:
The |rsyslog|package is no longer needed on most systems and you may be able to remove it.So, the implication here is that "journalctl" has become good enough for most uses, but every system is different. Some people want a graphical frontend, some don't; some want a web browser, some don't; some people want to use fail2ban, some people want to use crowdsec, some people are fine with a static firewall config. These are all valid choices.Many programs produce log messages to inform the user of what they are doing. These messages can be managed by systemd's “journal” or by a “syslog daemon” such as |rsyslog|.
Note that, in Debian, fail2ban already "suggests" the "system-log-daemon" virtual package. This means that you (as the system administrator) can add any of the valid syslog daemons if you want to make use of that functionality.
Do any of you have a tutorial about “fail2ban with journalctl”? greetings & thanks Sebastian _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
