Menu
▾
▴
Re: [Sshguard-users] sshguard-1.5-r1 on gentoo: log entries missed
|
From: Mij <mi...@ss...> - 2010-04-28 22:11:23
|
On Apr 28, 2010, at 23:14 , Robert S wrote: >> Your backtrace seems intresting. sshguard seems waiting while performing process authentication. >> Procauth has been there for long and should be stable. Can you please try to temporary disable >> the "-f 100:/var/run/sshd.pid" and observe if you still get that? The outcome will confirm/falsify the >> insight. >> > > I'm running sshguard with these options, with the SSHGUARD_DEBUG variable set: > > # sshguard -l /var/log/auth.log -b > /usr/local/var/sshguard/blacklist.db -w /etc/sshguard.whitelist > > I've had it running for 24hr and its still running now. There have > been two intruders blocked over this time (there seem to be much fewer > attempted logins lately!). I think that's fixed it. > > Unfortunately no sshguard activity appears in my syslog - this feature > seems to have disappeared in recent versions of the software. It > seems to be necessary to set the SSHGUARD_DEBUG variable, which gives > an extremely verbose debug output. I think that this has led to my > not realising that sshguard was not working for many months before > this problem cropped up. Is it possible to enable logging to syslog - > or to another log file? Activity should appear in your syslog, with AUTH facility. There was a change in recent versions, namely now only output "> LOG_NOTICE" is issued. Curiously, this change is fruit of other users' requests. On the one hand, this should be sufficient for normal use (ie, as soon as you don't have your bug anymore); on the other hand, it's true it makes possible problems of this sort less apparent. I'll give it a thought and decide something before 1.5stable. If you want to temporarily tweak it to your preference, change const int sshguard_log_minloglevel = LOG_NOTICE; to whichever level you prefer in sshguard_log.c . |
