The benefits of Pyruse over products of the same kind are:
systemd-journal entries play an important role in Pyruse: instead of matching log entries against message patterns only, the whole range of systemd’s journal fields is available. This allows for the much faster integer comparisons (_UID…), or even faster comparisons with short strings like _HOSTNAME, with the opportunity to test more often for equality, and less often for regular expressions.
Programs that peruse the system logs usually apply a set of rules on each log entry, rule after rule, regardless of what can be deduced by the already-applied rules.
In contrast, each fact learnt by applying a rule in Pyruse can be taken into account so that rules that do not apply are not even considered.
For example, after matching the SYSLOG_IDENTIFIER of a journal entry to the value sshd, only SSH-related rules are applied, not Nginx-related rules, nor Prosody-related rules.
Each filter (i.e. a matching step) or action (e.g. a ban, an email, etc.) is a Python module with a very simple API. As soon as a new need arises, a module can be written for it.
For example, to my knowledge, there is no equivalent, in any tool of the same scale, for the DNAT-correcting actions now included with Pyruse.
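The rule pruning described above (once SYSLOG_IDENTIFIER is known to be sshd, Nginx rules are never tried), as an added Python illustration that is not Pyruse's own code or configuration format. The eq/rx helpers, the tree layout, the patterns and the sample entries are all constructed for this example.

```python
import re

# Constructed entries: real journal field names, made-up values.
ENTRIES = [
    {"SYSLOG_IDENTIFIER": "sshd", "_UID": 0, "MESSAGE":
     "Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2"},
    {"SYSLOG_IDENTIFIER": "nginx", "_UID": 33, "MESSAGE":
     '198.51.100.7 - - "GET /wp-login.php HTTP/1.1" 404'},
    {"SYSLOG_IDENTIFIER": "cron", "_UID": 0, "MESSAGE": "job started"},
]
SSH_FAIL = re.compile(r"^Failed password for .* from (?P<ip>\S+) port \d+")
NGINX_404 = re.compile(r"^(?P<ip>\S+) .* 404$")

def eq(field, value):  # cheap filter: plain equality on one journal field
    return lambda entry, stats: entry.get(field) == value

def rx(field, pattern):  # costly filter: regex; named groups become new fields
    def test(entry, stats):
        stats["regex"] += 1  # count every regex evaluation
        match = pattern.search(entry.get(field, ""))
        if match:
            entry.update(match.groupdict())
        return match is not None
    return test

# Node = (filter, branch_if_true, branch_if_false); a leaf is an action or None.
TREE = (eq("SYSLOG_IDENTIFIER", "sshd"),
        (rx("MESSAGE", SSH_FAIL), "ban", None),
        (eq("SYSLOG_IDENTIFIER", "nginx"),
         (rx("MESSAGE", NGINX_404), "ban", None),
         None))

def run_tree(entries):
    """Follow only the branch that earlier filters left open."""
    stats, out = {"regex": 0}, []
    for entry in map(dict, entries):  # work on copies
        node = TREE
        while isinstance(node, tuple):
            test, if_true, if_false = node
            node = if_true if test(entry, stats) else if_false
        out.append((node, entry.get("ip")))
    return out, stats["regex"]

def run_flat(entries):
    """Baseline: every regex rule is tried on every entry."""
    stats, out = {"regex": 0}, []
    rules = (rx("MESSAGE", SSH_FAIL), rx("MESSAGE", NGINX_404))
    for entry in map(dict, entries):
        hits = [rule(entry, stats) for rule in rules]
        out.append(("ban" if any(hits) else None, entry.get("ip")))
    return out, stats["regex"]
```

Both functions return the same decisions for the three sample entries, but the tree evaluates 2 regular expressions where the flat rule list evaluates 6.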
Whenever you upgrade Pyruse, make sure to check the Changelog.
The /etc/pyruse directory is where system-specific files are looked for:
the pyruse.json file that contains the configuration,
the pyruse/filters subfolders, which may contain additional actions and filters.
Instead of /etc/pyruse, an alternate directory may be specified with the PYRUSE_EXTRA environment variable.
For more in-depth documentation, please refer to these pages: