You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently using fail2ban 0.10.2 on Ubuntu Eoan, trying to set up a Recidive jail, and while testing/debugging the regex due to a rather large journal I tried to see if there was any way to get fail2ban-regex to start the journal reader from a fixed date or at least a journal cursor entry.
So this is a request for enhancement to provide such functionality. The systemd Python API has the required method(s):
Getting the cursor for a log entry via journalctl is easy, it's just journalctl -o json <plus any filters> , but of course just adding the ability to use a datetime would be even easier.
Thanks for considering!
The text was updated successfully, but these errors were encountered:
Oh! That looks much better than hard-coding a log-backend specific argument.
So the backend argument parsing has to change a bit somewhere around here .. probably best to simply pluck the from= / to= (or since= / until= if we want to use systemd/journald terminology) kwargs, so they won't interfere when passed to journal.Reader (as that class doesn't support them), and then simply apply the filters after self.__journal got initialized.
Hello,
I'm currently using fail2ban 0.10.2 on Ubuntu Eoan, trying to set up a Recidive jail, and while testing/debugging the regex due to a rather large journal I tried to see if there was any way to get fail2ban-regex to start the journal reader from a fixed date or at least a journal cursor entry.
So this is a request for enhancement to provide such functionality. The systemd Python API has the required method(s):
https://www.freedesktop.org/software/systemd/python-systemd/journal.html#systemd.journal.Reader.seek_realtime
https://www.freedesktop.org/software/systemd/python-systemd/journal.html#systemd.journal.Reader.seek_cursor
Getting the cursor for a log entry via journalctl is easy, it's just
journalctl -o json <plus any filters>
, but of course just adding the ability to use a datetime would be even easier.Thanks for considering!
The text was updated successfully, but these errors were encountered: