From: Kevin Z. <kev...@gm...> - 2017-07-21 20:08:43
On 07/21/2017 07:32, Jos Chrispijn wrote:
> Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[60128]:
> Attack from "58.19.14.52" on service 260 with danger 10.
> Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[68586]:
> Attack from "58.19.14.52" on service 260 with danger 10.
> Jul 21 16:26:29 ares sshguard[9447]: 58.19.14.52 has already been blocked

The first two lines are printed while SSHGuard parses log messages. The
third is when SSHGuard actually tries to block the offenders, and
realizes that it's already been blocked.

> In my opinion the third line should be the first line as that was a fact
> before the ip in the first line entered my location?
> With that, both current first lines are to rule out (unnecessary
> information as the ip was blocked anyway)?

I agree that this is a little confusing and should probably be fixed.

-- 
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090