From: Kevin Z. <kev...@gm...> - 2022-03-23 17:33:10
On 3/15/22 11:18 AM, Jim Seymour wrote:
> I can "tail -f <logfile> |grep yadda-yadda-yadda" to see what's logged
> to auth.log, but, if sshguard is watching multiple logs that doesn't
> show me all I want to see w/o opening multiple windows and tailing
> multiple logfiles.

If you want to watch multiple log files from one terminal, remember that
you can pass multiple files to 'tail -f'. For example:

    $ tail -f /var/log/auth.log /var/log/maillog

Alternatively, you can run the sshg-logtail script installed in libexec,
which is a wrapper around the different ways that you invoke tail on
different operating systems.

> So I'm thinking:
>
> . Change the "version" command line switch from "-v" to "-V",
> and...
>
> . Make "-v" a "verbose" switch to cause sshguard to emit more
> information to wherever it's logging. Info such as:
>
> sshguard: Detected: service name: "postfix", service: 260,
> ip addr: 192.168.1.2, ip_type: 4, dangerousness: 10
>
> Maybe make "-v" take a verbosity level argument?

Improvements that would make it easier to see what SSHGuard is doing are
certainly welcome. Would

    sshg-logtail | sshg-parser -a

(in annotate mode) be closer to what you are looking for? (What exactly
are you trying to see? Which attacks that SSHGuard would have detected
in real time?)

Regards,
Kevin