GitLab

I am exploring the, now favoured idea of opening and
closing the watched file on inotify events, on a
different branch.
In the meantime I am trying to shift the code closing
the open file to remove the dangling files I found
with `lsof`.
I frankly don't remember why I picked this path, although
I do remember thinking about the two possibilities: keep
file open or open and close.

This branch will explore the possibility to switch from keeping
an open file through the watch life to opening the file only
for reading.

By looking at the stats I noticed that, in my situation, the
number of events are quite limited.
Also, through _lsof_ I noticed that the binary had dangling
open files.
In this branch I will try to explore a solution to the above
through opening and closing the log files with each read.

Added memory stats and running the stats on its own go routine.

I wanted something to keep track of the go routines.
I am thinking short term (a few days, maybe a week) so I didn't
really think about scaling the counters for lasting longer
periods (months).
The program was **never** designed for high trafic, so that was
not considered either.

Not sure how this bug got it, or why it was not detected earlier.

Removed timeout for set configuration **and** creation of a set.
Since rules to handle the set are required in any case, it makes
little sense to add one if not already present.

Added some defaults for syslog, if none is specified.

Added a default configuration file in '/etc/' if none is specified.

* Removed IN_ATTRIB notification.
* Re-read was not working. Should be fixed now (it worked fine
  tonight).
* Having debug messages with the matching string ending up in
  the same file they came from would trigger the match again.
  One way would be to be careful about facility and regexp
  pattern. Another way, non exclusive, was to make the match
  string slightly different. Specifically replacing the IP with
  `{address was here}`
* Fixed some logging call.

Reorganised functions.
Moved most functions from main to the structs.
Updated structs (mostly Source, which is now a separate file).
Moved syslog code to a separate file.

Changed the configuration structure and added a few elements.
Introduced syslog logging.
Switched to wait groups for sync.

Finished a prototype to be tested with my servers.
It checks multiple sources and add the IP from grepping them
for abuse pattern into a nftables set.
The nftables configuration with the set and what to do with it
should be already up.
```nft -f``` will clear the set.

To try out the nftables library I wrote this little program, so
I could check the functions.

It didn't work with a real logrotate case.
Changed some code, fixed some errors.
Gonna try again and see if it survives a logrotate on one of my
systems.

Before committing myself to using Inotify, I am going to try it
out on my systems.
Especially since the Inotify events aren't what I expect them to
be; for example `rm` seems to result in a IN_ATTRIB and not
one of the IN_DELETE* events...

Trying to figure out how to use inotify for watching a log file.
Not sure yet I will go this way, just having a polling interval
and checking the file has not changed, might be good enough for
me.