Re: [Sshguard-users] sshguard-1.5-r1 on gentoo: log entries missed

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks.

I left sshguard running overnight with the above config and recorded
hundreds of attempts to log in that were not blocked.  It appears that the
syslog-ng config is not sending messages to sshguard.

I have just downgraded sshguard to 1.4.4 and the logging is appearing again
my my system log:

Mar 18 07:48:23 hostname syslog-ng[30304]: Configuration reload request
received, reloading configuration;
Mar 18 07:48:23 hostname sshguard[27966]: authenticating service 100 with
process ID from /var/run/sshd.pid
Mar 18 07:48:23 hostname sshguard[27966]: whitelist: add block: 192.168.2.0
with mask 24.
Mar 18 07:48:23 hostname sshguard[27966]: whitelist: add '127.0.0.1' as
plain IPv4.
Mar 18 07:48:23 hostname sshguard[27966]: whitelist: add plain ip 127.0.0.1.
Mar 18 07:48:23 hostname sshguard[27966]: Run command "iptables -L": exited
0.
Mar 18 07:48:23 hostname sshguard[27966]: Blacklist loaded, 0 addresses.
Mar 18 07:48:23 hostname sshguard[27966]: Started successfully [(a,p,s)=(4,
420, 1200)], now ready to scan.

Re: [Sshguard-users] sshguard-1.5-r1 on gentoo: log entries missed

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] sshguard-1.5-r1 on gentoo: log entries missed