sshguard-users Mailing List for SSHGuard (Page 19)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I have tried with 3x OpenBSD pc, to get sshguard working.
I have manage to get bruteforce table to work with pf.conf and see
blocked ip with pfctl -T show - bruteforce
No result with pfctl -T show sshguard
Only time I got result with pfctl -T show sshguard was wile haveing one
xterm with sshguard in debuge mode and feed it attack signature from
sshguard.org website example list, and before closing sshguard debuge mode
running in another xterm pfctl cmd.

I have via OpenBSD irc channel at freenode heard a other using reporting
just installing, copying the table into pf.conf, and update with pfctl,
and rcctl enable sshguard, and rcctl start sshguard.

While running sshguard in debuge mode it got clear to me, It does manage to
read /var/log/authlog ... but I have problem with the content of authlog..
could this be something related to locals? These pc was setup during install
with "no" norwegian keyboard, OpenBSD 6.0.

env SSHGUARD_DEBUG=foo /usr/local/sbin/sshguard -l /var/log/authlog

I then hammered ssh from putty on a windows pc, until this happend in the
debug window
:

Stack now 0
Cleanup: discarding lookahead token WORD ()
Stack now 0
Checking to refresh sources...
Refreshing sources showed 0 changes.
Start polling.
Searching for fd 4 in list.
Starting parse
Entering state 0
Reading a token: --accepting rule at line 116 ("Jan 22 21:26:39 skylake
su:")
Next token is token SYSLOG_BANNER ()
Shifting token SYSLOG_BANNER ()
Entering state 3
Reading a token: --accepting rule at line 221 (" ")
--accepting rule at line 220 ("xxxxx")
Next token is token WORD ()
Error: popping token SYSLOG_BANNER ()
Stack now 0
Cleanup: discarding lookahead token WORD ()
Stack now 0
Checking to refresh sources...
Refreshing sources showed 0 changes.
Start polling.

2007	Jan	Feb	Mar (10)	Apr (7)	May (6)	Jun (13)	Jul (4)	Aug	Sep	Oct (17)	Nov (5)	Dec (4)
2008	Jan (2)	Feb	Mar	Apr (4)	May (2)	Jun (7)	Jul (10)	Aug (4)	Sep (14)	Oct	Nov (1)	Dec (7)
2009	Jan (17)	Feb (20)	Mar (11)	Apr (14)	May (8)	Jun (3)	Jul (22)	Aug (9)	Sep (8)	Oct (6)	Nov (4)	Dec (8)
2010	Jan (17)	Feb (9)	Mar (15)	Apr (24)	May (14)	Jun (1)	Jul (21)	Aug (6)	Sep (2)	Oct (2)	Nov (6)	Dec (9)
2011	Jan (11)	Feb (1)	Mar (3)	Apr (4)	May	Jun	Jul (2)	Aug (3)	Sep (2)	Oct (29)	Nov (1)	Dec (1)
2012	Jan (1)	Feb (1)	Mar	Apr (13)	May (4)	Jun (9)	Jul (2)	Aug (2)	Sep (1)	Oct (2)	Nov (11)	Dec (4)
2013	Jan (2)	Feb (2)	Mar (4)	Apr (13)	May (4)	Jun	Jul	Aug (1)	Sep (5)	Oct (3)	Nov (1)	Dec (3)
2014	Jan	Feb (3)	Mar (3)	Apr (6)	May (8)	Jun	Jul	Aug (1)	Sep (1)	Oct (3)	Nov (14)	Dec (8)
2015	Jan (16)	Feb (30)	Mar (20)	Apr (5)	May (33)	Jun (11)	Jul (15)	Aug (91)	Sep (23)	Oct (10)	Nov (7)	Dec (9)
2016	Jan (22)	Feb (8)	Mar (6)	Apr (23)	May (38)	Jun (29)	Jul (43)	Aug (43)	Sep (18)	Oct (8)	Nov (2)	Dec (25)
2017	Jan (38)	Feb (3)	Mar (1)	Apr	May (18)	Jun (2)	Jul (16)	Aug (2)	Sep	Oct (1)	Nov (4)	Dec (14)
2018	Jan (15)	Feb (2)	Mar (3)	Apr (5)	May (8)	Jun (12)	Jul (19)	Aug (16)	Sep (8)	Oct (13)	Nov (15)	Dec (10)
2019	Jan (9)	Feb (3)	Mar	Apr (2)	May	Jun (1)	Jul	Aug (5)	Sep (5)	Oct (12)	Nov (4)	Dec
2020	Jan (2)	Feb (6)	Mar	Apr	May (11)	Jun (1)	Jul (3)	Aug (22)	Sep (8)	Oct	Nov (2)	Dec
2021	Jan (7)	Feb	Mar (19)	Apr	May (10)	Jun (5)	Jul (7)	Aug (3)	Sep (1)	Oct	Nov (10)	Dec (4)
2022	Jan (17)	Feb	Mar (7)	Apr (3)	May	Jun (1)	Jul (3)	Aug	Sep	Oct (6)	Nov	Dec
2023	Jan	Feb (5)	Mar (1)	Apr (3)	May	Jun (3)	Jul (2)	Aug	Sep	Oct	Nov (6)	Dec
2024	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (15)	Apr (8)	May (10)	Jun	Jul	Aug	Sep	Oct	Nov	Dec

sshguard-users Mailing List for SSHGuard (Page 19)

Intelligently block brute-force attacks by aggregating system logs

sshguard-users — User questions and answers, bugs, and general support