Menu
▾
▴
Re: [SSHGuard-users] sshguard restart loop when using syslogd
|
From: Jef P. <je...@ma...> - 2016-05-10 06:42:52
|
Kevin Zheng: >Thanks for updating to 1.6.4. Could you try starting SSHGuard as a >daemon using the rc.d script and see if the problem persists? I'm sure that would fix the restart looping, as I suggested in my initial message. At the moment I can't start using the rc.d script for other reasons, which actually could be considered a bug in sshguard. Ok, since you asked so nicely I'll explain. My auth.log doesn't get much traffic and hasn't been rotated in years. When sshguard starts up it reads the whole file, sees all of my own logins happening at the current instant, and marks me as an attacker. It may have something to do with syslog lines not including the year - maybe sshguard parses the yearless timestamps past today's date as being in the future? It just occured to me this this is *exactly* the plot line of tonight's Person of Interest episode! Anyway I have fixed my newsyslog.conf to rotate more often, but I don't want to manually rotate the files so I'm not going to start sshguard from rc.d until they rotate on their own. There's already a note in http://www.sshguard.net/docs/setup/ about syslogd terminating and restarting sshguard, although it's not completely accurate. If the devs don't want to lower the log level of the exiting messages to LOG_DEBUG to prevent the restarting, then perhaps just correct this note and add the "!-sshguard" tweak I worked out. A doc change is always easier than a code change right? --- Jef Jef Poskanzer je...@ma... http://acme.com/jef/ |
