From: Willem J. W. <wj...@di...> - 2014-05-27 17:31:43
There are more options to syslog in FreeBSD. Like logging facility:priority. That will also upset parsing.
I did try and fix that, and sent the diff to the sshguard maintainer. But so far no result.

Also did a different version with ipfw and a fixed table. So one can use one's own ruleset and just block on table(50) anywhere one would like.

If you want I can dig out the diffs

--WjW

On 27 May 2014 at 18:09, Mark Felder <fe...@fr...> wrote:

> Following up on an old mailing list entry I found:
>
>> FreeBSD syslogd has an option to make it more verbose when writing
>> logs.
>> I'm old and slow; so I find the option helpful. Unfortunately using
>> the option spoils sshguard's parser.
>
> This bug still exists. I'm currently the sshguard port maintainer on
> FreeBSD. Another developer started using sshguard, stumbled upon the
> same bug, and asked for my assistance with figuring out why none of the bots
> scanning his hosts were getting blocked. I don't think it's that unusual
> to increase the verbosity of syslogd messages, especially if you're
> receiving syslog messages from remote machines or jails running on the
> same host.
>
> So I guess what I'm meaning to ask: was there any progress on this?
> Could the verbose log prefix be recognized instead of having the entry
> be completely discarded? It seems that the regex matching here is simply
> too strict...
>
>
> Thanks!
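
An added example, not part of the original thread and not sshguard's own parser: a Python line matcher that treats the verbose prefix as optional, so a failed sshd login is recognized with or without it. The placement of `<facility.priority>` after the timestamp is the assumed FreeBSD `syslogd -v` layout; the sample lines, the host name `gw` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Assumed line layout; FreeBSD syslogd -v / -vv is assumed to add the
# optional "<facility.priority>" field (numeric or named) after the timestamp.
SYSLOG_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?:<(?P<fac>[a-z0-9]+)\.(?P<pri>[a-z0-9]+)> )?"  # verbose prefix, optional
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# One sshd failure message. Anchored at the end of the line so that the
# address is the one sshd appended, not text embedded in the user name.
FAILED_LOGIN = re.compile(
    r"^Failed \S+ for (?:invalid user )?.* from (?P<addr>\S+) port \d+(?: ssh2)?$"
)

# Constructed sample lines (documentation addresses, made-up host "gw").
SAMPLE = [
    "May 27 18:09:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 52114 ssh2",
    "May 27 18:09:02 <auth.info> gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 52120 ssh2",
    "May 27 18:09:03 <4.6> gw sshd[812]: Failed password for root from 2001:db8::5 port 40022 ssh2",
    "May 27 18:09:04 <cron.info> gw /usr/sbin/cron[900]: (root) CMD (newsyslog)",
]

def parse_line(line):
    """Split a syslog line into named fields; None if it does not match."""
    m = SYSLOG_LINE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def attacker_address(line):
    """Return the source address of a failed sshd login, else None."""
    fields = parse_line(line)
    if fields is None or fields["tag"] != "sshd":
        return None
    m = FAILED_LOGIN.match(fields["msg"])
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group("addr")))
    except ValueError:  # not a literal IPv4/IPv6 address
        return None

if __name__ == "__main__":
    for line in SAMPLE:
        print(attacker_address(line), "<-", line)
```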