File: 0017-fix-default-acquisition.patch

package info (click to toggle)
crowdsec 1.4.6-10.1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 18,500 kB
  • sloc: sh: 2,870; makefile: 386; python: 74
file content (21 lines) | stat: -rw-r--r-- 540 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
From: Manuel Sabban <github@sabban.eu>
Date: Wed Jun 28 10:23:40 2023 +0200
Subject: Add journalctl for ssh by default
Origin: https://github.com/crowdsecurity/crowdsec/pull/2316/
diff --git a/config/acquis.yaml b/config/acquis.yaml
index cc3631f3..69976b38 100644
--- a/config/acquis.yaml
+++ b/config/acquis.yaml
@@ -10,6 +10,12 @@ filenames:
  - /var/log/syslog
 labels:
   type: syslog
+---
+source: journalctl
+journalctl_filter:
+ - "_SYSTEMD_UNIT=ssh.service"
+labels:
+  type: syslog
 ---
 filename: /var/log/apache2/*.log
 labels: