sshguard-users Mailing List for SSHGuard (Page 54)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

interesting. Based on others' reports, the cases should look like the following:

1) with "$DATE $FULLHOST $MESSAGE"   (v2):
Dec  4 19:00:19 localhost host.domain.com (1.2.3.4[1.2.3.4]) - USER foobar: no such user found from 1.2.3.4 [1.2.3.4] to 5.6.7.8:21

2) with "$DATE $FULLHOST $MSGHDR$MESSAGE\n"   (v3):
Dec  4 19:00:19 localhost proftpd[345]: host.domain.com (1.2.3.4[1.2.3.4]) - USER foobar: no such user found from 1.2.3.4 [1.2.3.4] to 5.6.7.8:21

If this is not the case, please indicate the two formats produced instead.
Essentially, sshguard expects a standard format for syslog/syslog-ng's prefix.

On Jan 20, 2010, at 12:52 , Arne Riecken wrote:

> Hello,
> 
> http://www.sshguard.net/docs/setup/getlogs/syslog-ng/
> 
> says
> "For syslog-ng 3.x, use these lines for the configuration file:
> [...]
> template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
> [...]
> "
> 
> But proftpd login failures only get matched when I use
> template("$DATE $FULLHOST $MESSAGE\n")
> 
> as it is said for syslog-ng 2.x
> 
> Versions:
> sshguard 1.4.4
> syslog-ng 3.0.4
> proftpd 1.3.2b
> 
> ------------------------------------------------------------------------------
> Throughout its 18-year history, RSA Conference consistently attracts the
> world's best and brightest in the field, creating opportunities for Conference
> attendees to learn about information security's most important issues through
> interactions with peers, luminaries and emerging and established companies.
> http://p.sf.net/sfu/rsaconf-dev2dev
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users

2007	Jan	Feb	Mar (10)	Apr (7)	May (6)	Jun (13)	Jul (4)	Aug	Sep	Oct (17)	Nov (5)	Dec (4)
2008	Jan (2)	Feb	Mar	Apr (4)	May (2)	Jun (7)	Jul (10)	Aug (4)	Sep (14)	Oct	Nov (1)	Dec (7)
2009	Jan (17)	Feb (20)	Mar (11)	Apr (14)	May (8)	Jun (3)	Jul (22)	Aug (9)	Sep (8)	Oct (6)	Nov (4)	Dec (8)
2010	Jan (17)	Feb (9)	Mar (15)	Apr (24)	May (14)	Jun (1)	Jul (21)	Aug (6)	Sep (2)	Oct (2)	Nov (6)	Dec (9)
2011	Jan (11)	Feb (1)	Mar (3)	Apr (4)	May	Jun	Jul (2)	Aug (3)	Sep (2)	Oct (29)	Nov (1)	Dec (1)
2012	Jan (1)	Feb (1)	Mar	Apr (13)	May (4)	Jun (9)	Jul (2)	Aug (2)	Sep (1)	Oct (2)	Nov (11)	Dec (4)
2013	Jan (2)	Feb (2)	Mar (4)	Apr (13)	May (4)	Jun	Jul	Aug (1)	Sep (5)	Oct (3)	Nov (1)	Dec (3)
2014	Jan	Feb (3)	Mar (3)	Apr (6)	May (8)	Jun	Jul	Aug (1)	Sep (1)	Oct (3)	Nov (14)	Dec (8)
2015	Jan (16)	Feb (30)	Mar (20)	Apr (5)	May (33)	Jun (11)	Jul (15)	Aug (91)	Sep (23)	Oct (10)	Nov (7)	Dec (9)
2016	Jan (22)	Feb (8)	Mar (6)	Apr (23)	May (38)	Jun (29)	Jul (43)	Aug (43)	Sep (18)	Oct (8)	Nov (2)	Dec (25)
2017	Jan (38)	Feb (3)	Mar (1)	Apr	May (18)	Jun (2)	Jul (16)	Aug (2)	Sep	Oct (1)	Nov (4)	Dec (14)
2018	Jan (15)	Feb (2)	Mar (3)	Apr (5)	May (8)	Jun (12)	Jul (19)	Aug (16)	Sep (8)	Oct (13)	Nov (15)	Dec (10)
2019	Jan (9)	Feb (3)	Mar	Apr (2)	May	Jun (1)	Jul	Aug (5)	Sep (5)	Oct (12)	Nov (4)	Dec
2020	Jan (2)	Feb (6)	Mar	Apr	May (11)	Jun (1)	Jul (3)	Aug (22)	Sep (8)	Oct	Nov (2)	Dec
2021	Jan (7)	Feb	Mar (19)	Apr	May (10)	Jun (5)	Jul (7)	Aug (3)	Sep (1)	Oct	Nov (10)	Dec (4)
2022	Jan (17)	Feb	Mar (7)	Apr (3)	May	Jun (1)	Jul (3)	Aug	Sep	Oct (6)	Nov	Dec
2023	Jan	Feb (5)	Mar (1)	Apr (3)	May	Jun (3)	Jul (2)	Aug	Sep	Oct	Nov (6)	Dec
2024	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (15)	Apr (8)	May (10)	Jun	Jul	Aug	Sep (6)	Oct	Nov	Dec

sshguard-users Mailing List for SSHGuard (Page 54)

Intelligently block brute-force attacks by aggregating system logs

sshguard-users — User questions and answers, bugs, and general support