From: Truffe C. <tru...@gm...> - 2007-05-22 03:37:01
Hi Mij,

I have solved the message loop problem by specifying the following in /etc/syslog-ng/syslog-ng.conf:

    filter sshlogs { facility(auth, authpriv) and match('^sshd\['); };
    destination sshguardproc {
        program("/usr/local/sbin/sshguard"
            template("$DATE $FULLHOST $MESSAGE\n"));
    };
    log { source(src); filter(sshlogs); destination(sshguardproc); };

"match('^sshd\[')" can solve the problem. If this is not specified, messages containing "sshd" in any position in the log can be parsed into sshguard.

I think it's better to include this instruction in the README/manuals. Otherwise, some people could get huge log files and use up disk quota :-)

Thanks,
truffe.
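Added example, not part of the original post or of sshguard: a small Python simulation of the `sshlogs` filter run over constructed log records, comparing the anchored pattern `^sshd\[` with an unanchored `sshd` match. It assumes the text the filter matches begins with the program tag, as the anchored pattern in the post implies; the sample lines, including the sshguard one, are invented for illustration.

```python
import re

# Constructed sample records: (facility, text seen by the filter).
# None of these lines is real output; the sshguard line only stands in
# for "a non-sshd program logging text that mentions sshd".
SAMPLE = [
    ("authpriv", "sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2"),
    ("auth", "sshd[2215]: Invalid user admin from 192.0.2.10"),
    ("auth", "sshguard[900]: could not parse line: sshd[2211]: Failed password ..."),
    ("authpriv", "sudo: alice : COMMAND=/etc/init.d/sshd restart"),
    ("daemon", "sshd[2300]: Server listening on 0.0.0.0 port 22."),
    ("cron", "CRON[411]: (root) CMD (run-parts /etc/cron.hourly)"),
]

FACILITIES = {"auth", "authpriv"}      # facility(auth, authpriv)
ANCHORED = re.compile(r"^sshd\[")      # match('^sshd\[') from the post
UNANCHORED = re.compile(r"sshd")       # "sshd" in any position


def forwarded(records, pattern):
    """Return the lines that would be written to the sshguard pipe."""
    return [text for fac, text in records
            if fac in FACILITIES and pattern.search(text)]


def extra_lines(records):
    """Lines only the unanchored pattern lets through."""
    strict = set(forwarded(records, ANCHORED))
    return [t for t in forwarded(records, UNANCHORED) if t not in strict]


if __name__ == "__main__":
    print("anchored  :", len(forwarded(SAMPLE, ANCHORED)), "lines")
    print("unanchored:", len(forwarded(SAMPLE, UNANCHORED)), "lines")
    for line in extra_lines(SAMPLE):
        # Any program whose messages mention sshd lands here, which is
        # how a consumer's own log output can be fed back to itself.
        print("  only unanchored:", line)
```

The facility test alone does not help here, because the two extra lines are also logged under auth/authpriv; only the anchor on the program tag excludes them.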