From: Andreas S. <and...@na...> - 2010-01-13 12:58:40
Hi,

I get an error with sshguard and syslog-ng on Gentoo. Version 1.0 works without problems, but versions 1.4 and 1.5beta2 just seem to crash when invoked directly from the syslogger!

If I start them via

    tail -n0 -F /var/log/auth.log | tee -a /dev/stderr | env SSHGUARD_DEBUG="" /usr/sbin/sshguard

I get the following output:

    Run command "iptables -L": exited 0.
    Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
    Jan 13 14:10:22 sdb sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.1 user=root
    Starting parse
    Entering state 0
    Reading a token: --accepting rule at line 102 ("Jan 13 14:10:22 sdb sshd[21506]:")
    Next token is token SYSLOG_BANNER_PID ()
    Shifting token SYSLOG_BANNER_PID ()
    Entering state 1
    Reading a token: --accepting rule at line 186 (" ")
    --accepting rule at line 185 ("pam_unix")
    Next token is token WORD ()
    Error: popping token SYSLOG_BANNER_PID ()
    Stack now 0
    Cleanup: discarding lookahead token WORD ()
    Stack now 0
    Jan 13 14:10:24 sdb sshd[21504]: error: PAM: Authentication failure for root from 192.168.0.1
    Starting parse
    Entering state 0
    Reading a token: --accepting rule at line 102 ("Jan 13 14:10:24 sdb sshd[21504]:")
    Next token is token SYSLOG_BANNER_PID ()
    Shifting token SYSLOG_BANNER_PID ()
    Entering state 1
    Reading a token: --accepting rule at line 186 (" ")
    --accepting rule at line 185 ("error")
    Next token is token WORD ()
    Error: popping token SYSLOG_BANNER_PID ()
    Stack now 0
    Cleanup: discarding lookahead token WORD ()
    Stack now 0

What could be wrong here!?

Thanks in advance,
Andreas