[Sshguard-users] Mountain Lion sshd log lines not recognized

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I've setup sshguard on OS X 10.8.2 "Mountain Lion". I've successfully integrated sshguard with the system's pf firewall; using interactive mode and the sample log lines I see new IPs blocked in pf.

However actual failures are not being acted upon. Pasting log lines into sshguard interactive mode it appears log messages are not being parsed.

Some sample sshd messages:
Dec  2 03:26:16 server.example.com sshd[20830]: error: PAM: unknown user for illegal user richard from 82.221.99.229 via 1.2.3.4
Dec  2 10:04:32 server.example.com sshd[41143]: error: PAM: authentication error for root from badguy.comcast.net via 1.2.3.4

The "via 1.2.3.4" is the interface IP address of the logging server.

-Adrian

[Sshguard-users] Mountain Lion sshd log lines not recognized

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] Mountain Lion sshd log lines not recognized