From: Robert S <rob...@gm...> - 2010-03-17 07:18:16
After a bit of fiddling around it appears that this pattern is being recognised, but there is no evidence of this in my system log. It appears that there are no sshguard messages appearing in my log. For example:

hostname robert # killall -HUP syslog-ng
hostname robert # tail /var/log/messages
Mar 17 18:00:32 hostname syslog-ng[30304]: Configuration reload request received, reloading configuration;
[ .. other system log messages ]
hostname robert # ps ax |grep sshguard
21209 ? Sl 0:00 /usr/sbin/sshguard -f 100:/var/run/sshd.pid -b /usr/local/var/sshguard/blacklist.db -w /etc/sshguard.whitelist

I am using syslog-ng 3.0.4 on Gentoo. Here is the relevant bit out of my syslog-ng config:

# pass only entries with auth+authpriv facilities from programs other than sshguard
filter f_sshguard { facility(auth, authpriv) and not program("sshguard"); };
# pass entries built with this format
destination sshguard {
    program("/usr/sbin/sshguard -f 100:/var/run/sshd.pid -b /usr/local/var/sshguard/blacklist.db -w /etc/sshguard.whitelist"
        template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
    );
};
log { source(src); filter(f_sshguard); destination(sshguard); };

I've used the log sucker and SSHGUARD_DEBUG, but this is rather cumbersome and really only useful for debugging.