Hi Gilles,

On 5/26/20 12:04 AM, gil...@poolp.org wrote:
> We now provide a reporting API which is basically a stream of events that can
> be consumed by tools. It is a line-based format which is not meant to be read
> by humans but meant to be easily parsed by tools and that provides all of the
> information necessary to replicate the session states. Using this stream, one
> can write a tiny filter which aggregates info and outputs logs tailored for a
> specific third-party application with a guarantee that it won't break when we
> make a subtle change to the maillog format. If I were working on SSHGuard for
> example, I'd write an sshguard-exporter script that reads the stream and that
> outputs to syslog a format SSHguard recognizes. This way, an smtpd user would
> simply:
>     filter sshguard proc-exec "sshguard-exporter"
>     listen on all filter sshguard
>     action "foobar" relay filter sshguard
> SSHguard itself would never need to be altered to follow changes in logs.

Thanks makes sense to me. I was vaguely aware that actions and filters
became available, but I didn't know that they could do this. I think
this is exactly what I was looking for.


Kevin Zheng
kevinz5...@gmail.com | kev...@berkeley.edu
XMPP: kev...@eecs.berkeley.edu

Reply via email to