Add journald support

Post Reply
marcele
Junior Member
Posts: 215
Joined: 17 Sep 2007, 17:02

Add journald support

Post by marcele »

Most new operating systems are switching to journald instead of syslog for logging as it provides a much needed unified interface for logging. It would be good if CSF could support this similar to fail2ban.

fail2ban:
https://unix.stackexchange.com/question ... md-journal

A good tutorial on using journalctl:
https://www.2daygeek.com/journalctl-rea ... stem-logs/
Last edited by marcele on 08 Nov 2022, 07:39, edited 1 time in total.
marcele
Junior Member
Posts: 215
Joined: 17 Sep 2007, 17:02

Re: Add journald support

Post by marcele »

You should note that you wouldn't even have to change any regex as you can use the "short" output to match syslog:

Example:

View postfix logs:

Code: Select all

journalctl --no-pager --quiet --unit='postfix' --since='2022-10-30 00:00:00' --until='2022-11-06 23:59:59' --output='short'
If you only want to view posfix smtp logs:

Code: Select all

journalctl --no-pager --quiet --identifier='postfix/smtp' --since='2022-10-30 00:00:00' --until='2022-11-06 23:59:59' --output='short'
Post Reply