From: Jef P. <je...@ma...> - 2016-05-12 05:16:16
Kevin:

>SSHGuard should certainly not be reading your entire auth.log at
>startup. What version of SSHGuard are you using? Are you just using the
>standard invocation from rc.d (no other options set)?

Now that I've updated my FreeBSD ports tree I'm using sshguard 1.6.4. I started it via a plain old "service sshguard start", no added options, unmodified rc file.

What keeps sshguard from reading the whole auth.log on startup? Is it the timestamps? If so then what about my speculation that the lack of a year on the timestamps is messing this up? I looked for the code that does this for a few minutes but didn't find it.

This is a side issue since as soon as my logfiles rotate properly I'll try starting sshguard from rc again and expect it will work fine. Nevertheless it's interesting behavior and if it's easy to fix, why not.

>> There's already a note in http://www.sshguard.net/docs/setup/ about
>> syslogd terminating and restarting sshguard, although it's not
>> completely accurate.
>
>Could you clarify which part is inaccurate? I'd like to fix it ASAP.

- The big one is it says "several times a day". I was seeing exit & restart every hour, which is how often newsyslog runs on FreeBSD. 24 times a day is more than several. Maybe other systems run newsyslog less often? Or don't kill programs every time it runs?

- It says "SIGHUP". sshguard 1.5 said "Got exit signal", 1.6.4 changed the wording to "Exiting on signal". If the code doesn't tell the user what signal then the note probably shouldn't either, to avoid confusion.

- And, not an inaccuracy, but adding a mention of my "!-sshguard" config file tweak to prevent the immediate restarting would be nice.