From cdd7225932d51f47850bd8aad2827483adaf51de Mon Sep 17 00:00:00 2001
From: Manuel Sabban
Date: Wed, 28 Jun 2023 10:23:40 +0200
Subject: [PATCH] Add journalctl for ssh by default
Origin: https://github.com/crowdsecurity/crowdsec/pull/2316/
Gbp-Pq: Name 0017-fix-default-acquisition.patch
---
 config/acquis.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/config/acquis.yaml b/config/acquis.yaml
index cc3631f..f0f9995 100644
--- a/config/acquis.yaml
+++ b/config/acquis.yaml
@@ -11,6 +11,12 @@ filenames:
 labels:
 type: syslog
 ---
+source: journalctl
+journalctl_filter:
+ - "_SYSTEMD_UNIT=ssh.service"
+labels:
+ type: syslog
+---
 filename: /var/log/apache2/*.log
 labels:
 type: apache2
--
2.30.2
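Review bot: The added `journalctl_filter` entry `"_SYSTEMD_UNIT=ssh.service"` matches only hosts whose OpenSSH unit has exactly that name; where the daemon runs as `sshd.service`, or as per-connection `ssh@…` instances under socket activation, this source would presumably read nothing and raise no error, leaving SSH brute-force detection without input. I would add a comment above the filter, e.g. `# Debian/Ubuntu unit name; change to "_SYSTEMD_UNIT=sshd.service" where sshd runs under that unit`. Separately, the preceding document (its `filenames:` list starts outside the hunk) carries the same `type: syslog` label. If one of those files is filled by a syslog daemon forwarding from the journal, each sshd line may be parsed and counted twice, so it is worth confirming how duplicates are handled or documenting that one of the two sources should be disabled.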