On 07/12/2015 03:31 PM, E.B. wrote: >>>>> Does installing gamin help this? (can't find any information >>>>> about benefits of using gamin with fail2ban, any links to >>>>> read?) >>>>> >>>> >>>> No, the backend determines how fail2ban monitors the files (think tail -f) >>>> I'd recommend using pyinotify (the default if set to auto and is >>>> installed). >>> >>> well i see there is also stuff about journalmatch for systemd so i >>> am very confused what the best backend to use. I can't find docs >>> about when/why/how to use different beckends. also it looks like >>> some people using gamin with journalmatch to add to confusion. >>> Is there somewhere a doc page or a discussion about how each >>> backend working and merits/weakness of each? >> >> >> Not so much a benefit or weakness, but if your log file is using >> journald, you need to use backend=systemd (not sure why it was >> called that, since systemd defenders often say how they have >> nothing to do with the other components - journald, in this >> case). If your log file is a traditional file, I'd suggest >> using pyinotify. > > Thanks for your fast response! This system is based on systemd > so I was getting impression that it must use journald. I see > rsyslog is running so maybe not? Also, install fail2ban with > no extra package like "fail2ban-systemd" so i guess that means > logging not done to journal? (would fail2ban work in a journald > environment without using journal/systemd backend?) > > You said 'not so much benefit or weakness' but you went on > to advise using pyinotify. If no backend is better than any > other, why is there a preference? And why is there more than > one if they are all mostly the same?
The systemd backend is necessary to read journald's binary 'logs'. The other backends (pyinotify, gamin, polling) read (Linux/Unix) log files. If you want fail2ban to monitor a journald/binary log file, you need backend=systemd. If you're reading traditional *nix text log files, I'd recommend pyinotify (and auto defaults to it if available, as I mentioned). > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > _______________________________________________ > Fail2ban-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
