Closed stephdl closed 2 months ago
Steps to reproduce
time="18-03-2024 11:33:58" level=info msg="Running journalctl command: /usr/bin/journalctl [journalctl --follow -n 0 SYSLOG_IDENTIFIER=dokuwiki2]" src="journalctl-SYSLOG_IDENTIFIER=dokuwiki2" type=journalctl
and for services
time="18-03-2024 11:33:58" level=info msg="Running journalctl command: /usr/bin/journalctl [journalctl --follow -n 0 _SYSTEMD_UNIT=sshd.service]" src="journalctl-_SYSTEMD_UNIT=sshd.service" type=journalctl
Expected behavior
I expect that crowdsec is able to read logs from journald
Actual behavior
In fact SYSLOG_IDENTIFIER is no longer used
[root@R4-pve ~]# journalctl SYSLOG_IDENTIFIER=mail1
-- No entries --
[root@R4-pve ~]#
This means that crowdsec is fully blind
We could use the UID instead
journalctl _UID=$(id -u mail1)
Components
ghcr.io/nethserver/crowdsec:1.0.6
See also https://mattermost.nethesis.it/nethesis/pl/pgogitpypfb57kyn5p56w13asc
Thanks davidep
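An added example, not part of the original issue and not ns8-crowdsec code: a shell check that reports, for each module user, which of the two journald matches discussed above (SYSLOG_IDENTIFIER or _UID) actually returns entries, so a log source that matches nothing is flagged. The function names are hypothetical, and the module user is assumed to exist as a local account.

```shell
#!/usr/bin/env bash
# Added example: find the journald match that returns entries for a module
# user, so an acquisition filter that matches nothing is caught early.

# has_entries MATCH -> exit 0 if journald holds at least one entry for MATCH.
has_entries() {
    # -q suppresses the "-- No entries --" notice; -n 1 stops after one entry.
    [ -n "$(journalctl -q -n 1 "$1" 2>/dev/null)" ]
}

# pick_journal_match USER -> prints the first match that returns entries:
# SYSLOG_IDENTIFIER=USER, then _UID=<uid of USER>; exit 1 if neither does.
pick_journal_match() {
    local user="$1" uid
    if has_entries "SYSLOG_IDENTIFIER=${user}"; then
        printf 'SYSLOG_IDENTIFIER=%s\n' "$user"
        return 0
    fi
    # Assumption: the module runs under a local account named USER.
    uid="$(id -u "$user" 2>/dev/null)" || return 1
    if has_entries "_UID=${uid}"; then
        printf '_UID=%s\n' "$uid"
        return 0
    fi
    return 1
}

# audit_sources USER... -> one line per user; exit 1 if any user has no entries.
audit_sources() {
    local user match rc=0
    for user in "$@"; do
        if match="$(pick_journal_match "$user")"; then
            printf '%s\t%s\n' "$user" "$match"
        else
            printf '%s\tNO-ENTRIES\n' "$user"
            rc=1
        fi
    done
    return "$rc"
}
```

Run `audit_sources mail1 dokuwiki2` as root on the node; a NO-ENTRIES line means neither match returns log entries for that user.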
QA
Install crowdsec ghcr.io/nethserver/crowdsec:1.0.7-dev.1
Once installed, the purpose is to get banned; you can do it by ssh to demonstrate it (remember to allow the ban from the LAN if needed)
test case: VERIFIED
Released in https://github.com/NethServer/ns8-crowdsec/releases/tag/1.0.7