Thanks, I'll add this remark to the relevant setup page.
On Nov 16, 2009, at 21:08 , Adam James wrote:
> Hello all,
>
> Just thought I should mention that if you're piping messages into
> sshguard via syslog-ng, you'll probably find that blocking stops
> working when you upgrade to syslog-ng version 3.0. This is due to a
> subtle change in message format macros.
>
> The recommended configuration for version 2.x looks something like this:
>
> destination sshguard {
>     program("/usr/sbin/sshguard"
>         template("$DATE $FULLHOST $MESSAGE\n")
>     );
> };
> filter f_sshguard { facility(auth, authpriv) and match("sshd"); };
> log { source(src); filter(f_sshguard); destination(sshguard); };
>
> In previous versions $MESSAGE included the program name and pid.
> However this has changed in version 3.0. You now need to include
> $MSGHDR:
>
> destination sshguard {
>     program("/usr/sbin/sshguard"
>         template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
>     );
> };
> filter f_sshguard { facility(auth, authpriv) and program("sshd"); };
> log { source(src); filter(f_sshguard); destination(sshguard); };
>
> Note that I also changed match() to program() in the filter; this stops
> syslog-ng complaining about a deprecated use of match.
>
> Hopefully this might prevent someone else suddenly realising their
> blocking isn't working and then spending 20 minutes trying to figure
> out what has changed!
>
>
> Cheers,
>
> - atj
>
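The failure mode described above, as an added example that is not part of the original messages and is not sshguard or syslog-ng code: it renders both templates under the 2.x and 3.0 meaning of `$MESSAGE` and shows which lines still carry the `sshd[pid]:` tag. Assumptions: the sample record is constructed, `render()` is a toy macro expander, and `source_address()` is a simplified stand-in for a parser that needs the tag before the failure text.

```python
import re

# Constructed sample record (not from a real log).
RECORD = {
    "DATE": "Nov 16 21:08:01",
    "FULLHOST": "gw.example.org",
    "PROGRAM": "sshd",
    "PID": "4242",
    "TEXT": "Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2",
}

OLD_TEMPLATE = "$DATE $FULLHOST $MESSAGE\n"         # 2.x configuration from the message
NEW_TEMPLATE = "$DATE $FULLHOST $MSGHDR$MESSAGE\n"  # 3.0 configuration from the message


def macros(record, version):
    """Macro values as the message describes them for 2.x and 3.0."""
    header = "%s[%s]: " % (record["PROGRAM"], record["PID"])
    values = {"DATE": record["DATE"], "FULLHOST": record["FULLHOST"]}
    if version >= 3:
        # 3.0: $MESSAGE is the text only; program name and pid live in $MSGHDR.
        values["MSGHDR"] = header
        values["MESSAGE"] = record["TEXT"]
    else:
        # 2.x: $MESSAGE included the program name and pid. The message only
        # mentions $MSGHDR for 3.0, so it is left out of the 2.x model.
        values["MESSAGE"] = header + record["TEXT"]
    return values


def render(template, record, version):
    """Toy expansion of $MACRO references (hypothetical helper)."""
    values = macros(record, version)
    return re.sub(r"\$([A-Z]+)", lambda mo: values[mo.group(1)], template)


# Simplified stand-in parser: requires the sshd[pid]: tag (assumption).
TAGGED = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Failed password for .* from (\S+)")


def source_address(line):
    """Return the offending address, or None when the line is not recognised."""
    mo = TAGGED.match(line)
    return mo.group(1) if mo else None


if __name__ == "__main__":
    for label, tpl, ver in (("2.x, old template", OLD_TEMPLATE, 2),
                            ("3.0, old template", OLD_TEMPLATE, 3),
                            ("3.0, new template", NEW_TEMPLATE, 3)):
        print(label, "->", source_address(render(tpl, RECORD, ver)))
```

A `None` for the 3.0 run with the old template is the silent failure the message warns about: lines still arrive, but without the tag nothing is recognised and nothing is blocked.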