From: Mij <mi...@bi...> - 2007-05-22 12:02:38
On 22/mag/07, at 05:36, Truffe Champagne wrote:

> Hi Mij
>
> I have solved the message loop problem specifying in the
> /etc/syslog-ng/syslog-ng.conf,
>
> filter sshlogs { facility(auth, authpriv) and match('^sshd\['); };
> destination sshguardproc { program("/usr/local/sbin/sshguard"
> template("$DATE $FULLHOST $MESSAGE\n")); };
> log { source(src); filter(sshlogs); destination(sshguardproc); };
>
> "match('^sshd\[')" can solve the problem. If this is not specified,
> message containing "sshd" in any position in the log can be parsed
> into sshguard.

This is correct because the parsing result logging includes the original
string, which contained sshd and is then passed again in a loop.
Sorry for having missed that.

> I think it's better to include this instruction for README/manuals.
> Otherwise, some people could get huge log files and use up disk
> quota :-)

I have chosen to remove that parser result logging, which is definitely
excessive even for DEBUG. This is simpler, cleaner and spares some load
to the logging system. This will appear in beta3, along with a slightly
modified backend for iptables.

If you like to apply this modification immediately, you can remove the
sshguard_log() line in src/sshguard.c, line 142 and recompile the app.

thanks for your trials and reports

> Thanks,
> truffe.
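The loop discussed in this thread, as an added example that is not part of the original message or of sshguard's code: a small model of the log path showing why an unanchored "sshd" match re-feeds sshguard's own parse-result entries while `^sshd\[` does not. The sample log lines, the "parsed line:" wording, the PID values and the function names are constructed assumptions.

```python
import re
from collections import deque

# Constructed sample lines in the form the filter sees (program tag first).
SSHD_LINE = "sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2"
CRON_LINE = "CRON[300]: pam_unix(cron:session): session opened for user root"

UNANCHORED = re.compile(r"sshd")    # "sshd" in any position in the message
ANCHORED = re.compile(r"^sshd\[")   # the match() expression from the thread


def sshguard_debug_log(message):
    """Model of the parser-result logging: the entry quotes the original line.

    The exact wording is an assumption; what matters is that the original
    text, including "sshd[...]", reappears inside sshguard's own log entry.
    """
    return "sshguard[900]: parsed line: " + message


def run_pipeline(filter_re, initial, max_deliveries=20):
    """Count lines delivered to sshguard until the stream drains.

    Every delivered line makes sshguard emit a log entry that goes back
    into the same stream (same facility assumed). max_deliveries caps the
    run so that a feedback loop terminates in this model.
    """
    queue = deque(initial)
    delivered = 0
    while queue and delivered < max_deliveries:
        msg = queue.popleft()
        if filter_re.search(msg):
            delivered += 1
            queue.append(sshguard_debug_log(msg))
    return delivered


if __name__ == "__main__":
    stream = [SSHD_LINE, CRON_LINE]
    print("unanchored:", run_pipeline(UNANCHORED, stream))  # hits the cap
    print("anchored:  ", run_pipeline(ANCHORED, stream))    # one real sshd line
```

With the anchored filter only the genuine sshd entry reaches sshguard; with the unanchored one a single failed login keeps circulating until the cap stops it, which on a real system means log growth until the disk fills.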