From: Benedikt B. <ma...@be...> - 2013-01-16 19:20:39
Hi,

I searched all the man pages and documentation on the website but couldn't really find some information on how to understand the log messages that sshguard writes if it blocks some attack. When there is something blocked, there is a message like:

    <timestamp> <hostname> sshguard[1767]: Blocking <attacker IP> for >630secs: 40 danger in 4 attacks over 9 seconds (all: 40d in 1 abuses over 9s)

So what does the "40 danger" mean in this context and what is it derived from? Am I right to say that the part in parentheses means that this IP has overall caused 40 danger points (wherever they may come from) with one abusive attempt within 9 seconds?

Thanks for some answers or help.

Greetz
Benedikt