Most new operating systems are switching to journald instead of syslog for logging, as it provides a much-needed unified interface for logging. It would be good if CSF could support this, similar to fail2ban.
fail2ban:
https://unix.stackexchange.com/question ... md-journal
A good tutorial on using journalctl:
https://www.2daygeek.com/journalctl-rea ... stem-logs/
Add journald support
Last edited by marcele on 08 Nov 2022, 07:39, edited 1 time in total.
Re: Add journald support
You should note that you wouldn't even have to change any regex as you can use the "short" output to match syslog:
Example:
View postfix logs:
journalctl --no-pager --quiet --unit='postfix' --since='2022-10-30 00:00:00' --until='2022-11-06 23:59:59' --output='short'
If you only want to view postfix smtp logs:
journalctl --no-pager --quiet --identifier='postfix/smtp' --since='2022-10-30 00:00:00' --until='2022-11-06 23:59:59' --output='short'
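Added example (not part of the original posts, and not CSF or fail2ban code): Python that runs lines in the `--output='short'` layout through one syslog-style regex and filters on the identifier used in the second command above. The regex, the function names and the sample lines are assumptions constructed for illustration; the regex accepts either day padding and skips lines that are not log records.

```python
import re

# Syslog-style record as printed by `journalctl --output=short`:
#   "Nov 06 12:00:01 host ident[pid]: message"
# \s+ after the month accepts either day padding ("Nov 06" or "Nov  6").
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<ident>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Constructed sample: hostname, queue IDs and addresses are made up.
SAMPLE = """\
Nov 06 12:00:01 mail1 postfix/smtp[2211]: 4A1B2C3D4E: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, status=sent (250 ok)
Nov 06 12:00:02 mail1 postfix/smtpd[2215]: connect from unknown[198.51.100.7]
-- Reboot --
Nov  6 12:05:10 mail1 postfix/smtp[2301]: 5F6A7B8C9D: to=<user@example.net>, relay=none, status=deferred (connection timed out)
Nov 06 12:05:11 mail1 sshd[2310]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
"""

STATUS_RE = re.compile(r"status=(\w+)")


def parse_short(text, identifier=None):
    """Return one dict per parsed record; optionally keep a single identifier."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:  # marker or continuation line, not a log record
            continue
        if identifier is not None and m["ident"] != identifier:
            continue
        entries.append(m.groupdict())
    return entries


def delivery_statuses(text):
    """Delivery status of each postfix/smtp record, in input order."""
    found = []
    for entry in parse_short(text, identifier="postfix/smtp"):
        s = STATUS_RE.search(entry["msg"])
        if s:
            found.append(s.group(1))
    return found


if __name__ == "__main__":
    for entry in parse_short(SAMPLE, identifier="postfix/smtp"):
        print(entry["ts"], entry["ident"], entry["pid"], entry["msg"])
    print(delivery_statuses(SAMPLE))
```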