[Sshguard-users] Sshquard-pf does not pickup the ftp log.

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

We're trying to use sshguard-pf version 1.5.0 with vsftpd on FreeBSD
8.2. It's blocking invalid users using ssh, but it does not appear to
block any FTP traffic.

Vsftpd is writing to the default /var/log/xferlog and using the
xferlog_std_format setting. We have confirmed that the connection
attempts are being logged to the file.

The sshguard syslog entry looks like this:

auth.info;authpriv.info;ftp.info     |exec /usr/local/sbin/sshguard -a 1

Auth.info;authpriv.info	    /var/log/auth.log
ftp.info                    /var/log/xferlog

When we pass an invalid user connection attempt string from the
/var/log/xferlog file to sshguard in debug mode it does process it and
add the address to the pf table, but does not appear to be reading the
/var/log/xferlog file, only the auth.log.

Any suggestions?
Thanks.

[Sshguard-users] Sshquard-pf does not pickup the ftp log.

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] Sshquard-pf does not pickup the ftp log.