
I am developing a custom fail2ban filter for a daemon that logs to syslog. I 
am using Debian 12, so syslog is handled by systemd. If I dump a syslog facility 
to a file:

# journalctl --facility=mail --output=short-full --no-tail >test.log

and then test my filter with

# fail2ban-regex test.log myfilter.conf

Then it seems to work well.  At least it seems to match the correct lines.

But of course I don't want to dump the journal to a file.  So how can I tell 
fail2ban to look into the syslog when it is handled by systemd?  I know that if 
a daemon logs directly to systemd, then you can do this:

backend = systemd
journalmatch = _SYSTEMD_UNIT=mydaemon.service

But this daemon logs to syslog, so that does not work.

As a guess, I tried changing that to

journalmatch = _SYSTEMD_FACILIY=mail

but of course that was a bad guess.

Can you tell me how to tell fail2ban which syslog facility to follow?


Fail2ban-users mailing list

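An added example, not part of the original post: journald records the syslog facility of each message in the `SYSLOG_FACILITY` field as a decimal number (mail is facility 2), which is the field `journalctl --facility=mail` matches on. The jail name, file path and the `SYSLOG_IDENTIFIER` value below are assumptions for illustration.

```ini
# /etc/fail2ban/jail.d/mydaemon.local   (hypothetical path and jail name)
[mydaemon]
enabled      = true
filter       = myfilter
backend      = systemd

# Match on the journal field that carries the syslog facility.
# The value is the numeric facility code, not its name: mail = 2.
journalmatch = SYSLOG_FACILITY=2

# Optional narrowing (assumed identifier): matches on different fields
# placed on one line are ANDed, so only this daemon's lines in the mail
# facility are read.
# journalmatch = SYSLOG_FACILITY=2 SYSLOG_IDENTIFIER=mydaemon

# Check the match before enabling the jail:
#   journalctl SYSLOG_FACILITY=2 --output=short-full --no-tail
#   fail2ban-regex -m 'SYSLOG_FACILITY=2' systemd-journal myfilter.conf
```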