From: Manuel Sabban <github@sabban.eu>
Date: Wed, 28 Jun 2023 08:23:40 +0000 (+0200)
Subject: Add journalctl for ssh by default
X-Git-Tag: archive/raspbian/1.4.6-8+rpi1^2~3
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=23130e5eb2b7c83ab4094f7b361cd271497ded37;p=crowdsec.git

Add journalctl for ssh by default

Origin: https://github.com/crowdsecurity/crowdsec/pull/2316/


Gbp-Pq: Name 0017-fix-default-acquisition.patch
---

diff --git a/config/acquis.yaml b/config/acquis.yaml
index cc3631f..f0f9995 100644
--- a/config/acquis.yaml
+++ b/config/acquis.yaml
@@ -11,6 +11,12 @@ filenames:
 labels:
   type: syslog
 ---
+source: journalctl
+journalctl_filter:
+ - "_SYSTEMD_UNIT=ssh.service"
+labels:
+  type: syslog
+---
 filename: /var/log/apache2/*.log
 labels:
   type: apache2