Re: [Sshguard-users] sshguard 1.5 not recognizing invalid user log messages from sshd on OpenBSD.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Sun, Jun 24, 2012 at 06:03:28PM -0600, Richard Johnson wrote:
> But that patch does not fix the recognition of the pattern within the
> longer lines when running 'sshguard -l /var/log/authlog'.

This looks to be a timestamp issue rather than a more general parsing
problem on the longer lines.

When I feed the log messages a couple per second with accurate timestamps,
sshguard picks up on the simulated brute forcing.

It appears that the patch for allowing a lower case 'i' on 'invalid user'
has given me a working sshguard for ssh brute forcing of nonexistent
users on OpenBSD 5.1.

Richard

Re: [Sshguard-users] sshguard 1.5 not recognizing invalid user log messages from sshd on OpenBSD.

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] sshguard 1.5 not recognizing invalid user log messages from sshd on OpenBSD.