[systemd-devel] Journal API demo application: "tallow" - a fail2ban replacement
Kok, Auke-jan H
auke-jan.h.kok at intel.com
Tue Nov 6 11:30:01 PST 2012
Hi folks,
I wrote a demo application that uses the journal API to scan for SSH
brute-force logs in the journal, called "tallow".
I posted the project on my github page:
https://github.com/sofar/tallow
tallow "tails" the ssh messages and looks for failed logins from root
and unknown users, and temporarily blocks the IP with iptables for a
while.
It's 250 lines of code, more or less, so very small. I hope the
project will be useful in some ways to folks here, so I posted it on
github. Either it will encourage people to build on the journal APIs
or it will reduce your log file clutter :^).
Cheers, and enjoy,
Auke
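
The matching step described in the message above, as an added example; it is not part of the original post and not tallow's own code. It decides from one sshd MESSAGE string whether it reports a failed login for root or an unknown user, and extracts the address a blocker would act on. Assumptions: the function name `failed_login_ip` is hypothetical, the three message prefixes are common OpenSSH wordings, and the sample lines are constructed with documentation addresses.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define STARTS(s, lit) (strncmp((s), (lit), sizeof(lit) - 1) == 0)

/* For an sshd MESSAGE reporting a failed root or unknown-user login, copy the
 * peer address into ip and return 1; return 0 for anything else. */
int failed_login_ip(const char *msg, char ip[INET6_ADDRSTRLEN])
{
    unsigned char addr[16];            /* large enough for an IPv6 address */
    const char *from = NULL, *p;
    size_t n;

    if (!STARTS(msg, "Failed password for root from ") &&
        !STARTS(msg, "Failed password for invalid user ") &&
        !STARTS(msg, "Invalid user "))
        return 0;
    /* The user name is chosen by the remote side and may itself contain
     * " from "; the last occurrence is the one sshd wrote. */
    for (p = msg; (p = strstr(p, " from ")) != NULL; p += 6)
        from = p + 6;
    if (from == NULL || (n = strcspn(from, " ")) == 0 || n >= INET6_ADDRSTRLEN)
        return 0;
    memcpy(ip, from, n);
    ip[n] = '\0';
    /* Only a well-formed address should ever reach a firewall command. */
    return inet_pton(AF_INET, ip, addr) == 1 ||
           inet_pton(AF_INET6, ip, addr) == 1;
}

int main(void)
{
    /* Constructed samples; the third hides a decoy address in the user name. */
    const char *log[] = {
        "Failed password for root from 203.0.113.7 port 4022 ssh2",
        "Accepted password for alice from 198.51.100.2 port 5000 ssh2",
        "Failed password for invalid user x from 198.51.100.2 port 1 ssh2 "
            "from 203.0.113.7 port 4023 ssh2",
        "Invalid user test from 2001:db8::1",
    };
    char ip[INET6_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof(log) / sizeof(log[0]); i++)
        if (failed_login_ip(log[i], ip))
            printf("block candidate: %s\n", ip);
    return 0;
}
```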