From: Jim S. <jse...@Li...> - 2022-03-23 17:46:42
On Wed, 23 Mar 2022 10:32:59 -0700
Kevin Zheng <kev...@gm...> wrote:

> On 3/15/22 11:18 AM, Jim Seymour wrote:
[snip]
>
> If you want to watch multiple log files from one terminal, remember
> that you can pass multiple files to 'tail -f'. For example:
>
> $ tail -f /var/log/auth.log /var/log/maillog

*sigh* Y'know, I've been installing, configuring, administering,
maintaining, and using various flavors of *nix for about 35 years, and
I did not know that! <smh>

> [snip]
>
> Would sshg-logtail | sshg-parser -a (in annotate mode) be closer to
> what you are looking for?

I do not know. I'll look into it.

>
> (What exactly are you trying to see? Which attacks that SSHGuard
> would have detected in real time?)

In the development/debug of the regexp code I'm working on: To see each
individual attack detection as it happens. E.g. (from my code):

    sshguard[31417]: parse_line_re(): detected: service name: "postfix", service: 260, ip addr: "80.82.77.33", ip_type: 4

(I need to add "dangerousness" to that.)

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering.
If you reply to this email and your email is rejected, please accept
my apologies and let me know via my web form at
<http://jimsun.LinxNet.com/contact/scform.php>.