Menu
▾
▴
Re: [Sshguard-users] confused about what to expect
|
From: Emmanuel <el...@ms...> - 2016-01-21 21:17:09
|
When I run the log I sent through sshguard with the SSHGUARD_DEBUG=yes flag on I get this:
from this log:
Jan 21 20:42:38 coreos sshd: Failed password for root from 183.3.202.107 port 15012 ssh2Jan 21 20:42:39 coreos sshd: Failed password for root from 183.3.202.107 port 15012 ssh2Jan 21 20:42:39 coreos sshd: Failed password for root from 183.3.202.107 port 15012 ssh2Jan 21 20:42:40 coreos sshd: Received disconnect from 183.3.202.107: 11: [preauth]Jan 21 20:42:40 coreos sshd: Disconnected from 183.3.202.107 [preauth]Jan 21 20:42:48 coreos sshd: Failed password for root from 183.3.202.107 port 63755 ssh2Jan 21 20:42:49 coreos sshd: Failed password for root from 183.3.202.107 port 63755 ssh2Jan 21 20:42:49 coreos sshd: Failed password for root from 183.3.202.107 port 63755 ssh2Jan 21 20:42:50 coreos sshd: Received disconnect from 183.3.202.107: 11: [preauth]Jan 21 20:42:50 coreos sshd: Disconnected from 183.3.202.107 [preauth]
I get this output:
Run command "iptables -w -L -n": exited 0.Started with danger threshold=40 ; minimum block=420 secondsStarting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:38")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:39")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:39")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:40")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:40")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:48")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:49")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:49")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:50")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0Starting parseEntering state 0Reading a token: --accepting rule at line 201 ("Jan 21 20:42:50")Next token is token TIMESTAMP_SYSLOG ()Cleanup: discarding lookahead token TIMESTAMP_SYSLOG ()Stack now 0
So what exactly is happening here?
Thanks
> To: ssh...@li...
> From: kev...@gm...
> Date: Thu, 21 Jan 2016 11:49:55 -0800
> Subject: Re: [Sshguard-users] confused about what to expect
>
> On 01/21/2016 11:46, Emmanuel wrote:
> > *Is there any way to redirect this to stdout for example?*
>
> Yes, set SSHGUARD_DEBUG=yes in your environment.
>
> Best,
> Kevin
>
> --
> Kevin Zheng
> kev...@gm... | ke...@kd... | PGP: 0xC22E1090
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
