[SSHGuard-users] Duplicate log lines

[@lbutlr <kr...@kr...>]

When checking my logs I am seeing that sshguard attack log lines are tripled in my logs, once in auth.log, console.log, messages, and security

auth.log:Dec  3 12:36:49 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
auth.log:Dec  3 12:37:06 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
auth.log:Dec  3 12:37:18 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
console.log:Dec  3 12:36:49 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
console.log:Dec  3 12:37:06 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
console.log:Dec  3 12:37:18 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
messages:Dec  3 12:36:49 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
messages:Dec  3 12:37:06 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
messages:Dec  3 12:37:18 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
security:Dec  3 12:36:49 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
security:Dec  3 12:37:06 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.
security:Dec  3 12:37:18 mail sshguard[53698]: Attack from "66.42.114.146" on service 100 with danger 10.

My sshguard config is pretty basic:

BACKEND="/usr/local/libexec/sshg-fw-pf"
FILES="/var/log/auth.log /var/log/mail.log"
THRESHOLD=30
BLOCK_TIME=1200
DETECTION_TIME=18000
WHITELIST_FILE=/usr/local/etc/sshguard.whitelist

It’s possible that my rsyslog is causing this?

*.err;kern.warning;auth.notice;mail.crit                //var/log/console.log
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err   /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
console.info                                    /var/log/console.log



-- 
And there were all the stars, looking remarkably like powered diamonds
spilled on black velvet, the stars that lured and ultimately called the
boldest towards them…