I’ve been using f2b on macOS (and other OSen) for many years, with very good results. As of macOS 10.12 (Sierra), though, macOS is now using a “unified” logging configuration (see https://developer.apple.com/documentation/os/logging), so everything is in memory and/or an internal database instead of text-based logfiles. I can still create “hard” logfiles using a command like this:
/usr/bin/log stream --predicate 'process == "smtpd"' --style syslog >> /var/log/smtpd.log The downside to this method is that we’re writing & reading logfiles to disk, generating I/O. Can fail2ban be configured to read from a process instead of a logfile? For example, in jail.local, is it possible for “logpath” to be a process instead of a file, for example: Current: logpath = /var/log/smtpd.log Desired: logpath = `/usr/bin/log stream --predicate 'process == "smtpd"' --style syslog` Another example: https://blog.uni-koeln.de/rrzk-knowhow/2017/01/05/sshblack-under-macos-sierra/ Or something like that. This method would also solve logfile-rotation issues, at least on systems that support unified logging. Possible? TIA Jon ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
