Hi Gilles,

On 5/26/20 12:04 AM, gil...@poolp.org wrote:
> We now provide a reporting API which is basically a stream of events that can
> be consumed by tools. It is a line-based format which is not meant to be read
> by humans but meant to be easily parsed by tools and that provides all of the
> information necessary to replicate the session states. Using this stream, one
> can write a tiny filter which aggregates info and outputs logs tailored for a
> specific third-party application with a guarantee that it won't break when we
> make a subtle change to the maillog format. If I were working on SSHGuard for
> example, I'd write an sshguard-exporter script that reads the stream and that
> outputs to syslog a format SSHGuard recognizes. This way, an smtpd user would
> simply:
> 
>     filter sshguard proc-exec "sshguard-exporter"
>     listen on all filter sshguard
>     action "foobar" relay filter sshguard
> 
> SSHGuard itself would never need to be altered to follow changes in logs.

Thanks, makes sense to me. I was vaguely aware that actions and filters
became available, but I didn't know that they could do this. I think
this is exactly what I was looking for.

Thanks,
Kevin

-- 
Kevin Zheng
kevinz5...@gmail.com | kev...@berkeley.edu
XMPP: kev...@eecs.berkeley.edu
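
An added example, not code from this thread or from the OpenSMTPD or SSHGuard projects: a hypothetical `sshguard-exporter` that registers for report events, tracks sessions, and logs failed authentications by source address. The handshake lines and the `|`-separated field layout are assumptions to check against smtpd-filters(7) for the installed version, and the log message text is a placeholder for whatever format the consuming tool recognizes.

```python
import ipaddress
import sys
import syslog

# Constructed sample lines; the field layout is an assumption (see smtpd-filters(7)).
SAMPLE = [
    "report|0.5|1590480000.0|smtp-in|link-connect|s1|client.example|pass|192.0.2.10:40001|198.51.100.5:587",
    "report|0.5|1590480001.0|smtp-in|link-auth|s1|bob|x|fail",
    "report|0.5|1590480002.0|smtp-in|link-disconnect|s1",
]


def handle(line, sessions):
    """Update session state from one line; return a log message on failed auth."""
    f = line.rstrip("\n").split("|")
    if len(f) < 6 or f[0] != "report" or f[3] != "smtp-in":
        return None
    event, sid, params = f[4], f[5], f[6:]
    if event == "link-connect" and len(params) >= 3:
        # Assumed params: rdns|fcrdns|src|dest, with src as addr:port or [v6]:port.
        addr = params[2].rsplit(":", 1)[0].strip("[]")
        try:
            sessions[sid] = str(ipaddress.ip_address(addr))
        except ValueError:
            pass  # local socket or unparsable peer: nothing to report
    elif event == "link-disconnect":
        sessions.pop(sid, None)
    elif event == "link-auth" and sid in sessions and params:
        # Assumed params: username|result. The username is client-controlled and may
        # contain "|", so read the result from the last field and never log the name.
        if params[-1] == "fail":
            return "smtp-in authentication failed from %s" % sessions[sid]
    return None


def main():
    for line in sys.stdin:  # handshake: skip smtpd's config lines
        if line.strip() == "config|ready":
            break
    for event in ("link-connect", "link-auth", "link-disconnect"):
        print("register|report|smtp-in|%s" % event)
    print("register|ready", flush=True)
    syslog.openlog("smtpd-exporter", facility=syslog.LOG_AUTH)
    sessions = {}
    for line in sys.stdin:
        msg = handle(line, sessions)
        if msg:
            syslog.syslog(syslog.LOG_INFO, msg)


if __name__ == "__main__":
    main()
```

Keeping the client-supplied username out of the emitted line means a crafted login name cannot inject a different address into the log that the blocking tool parses.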
