This might be some of the confusion. Fail2ban can read a journal file if
you tell it to with the backend = systemd in the jail.conf or
jail.local. If you tell it to used systemd for that jail then in the
filter for that jail you have to tell it what unit to match for example
journalmatch = _SYSTEMD_UNIT=vncserver-x11-serviced.service. But if you
have the backend = auto then it will look for the plain text logs. If
you set the backend = systmed in the jail.conf file you can still tell a
single jail to look for a log file somewhere else a good example is the
selinux-ssh jail. The it's log is in /var/log/audit and is in plain
text.
On Sun, 2015-07-12 at 12:53 -0700, E.B. wrote:
> > The systemd backend is necessary to read journald's binary 'logs'.
> > The other backends (pyinotify, gamin, polling) read (Linux/Unix)
> > log files.
> >
> > If you want fail2ban to monitor a journald/binary log file, you
> > need backend=systemd.
>
> I take that mean if I see log files in /var/log my system
> not using journald (thus fail2ban-systemd not necessary in
> my case)
>
> > If you're reading traditional *nix text
> > log files, I'd recommend pyinotify (and auto defaults to it if
> > available, as I mentioned).
>
> got that, but you don't say WHY your recommendation. my
> question is why do you recommend (vs. gamin or polling)?
> see again:
>
> > > You said 'not so much benefit or weakness' but you went on
> > > to advise using pyinotify. If no backend is better than any
> > > other, why is there a preference? And why is there more than
> > > one if they are all mostly the same?
>
> thank you for time to respond!!
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
