sshguard-users

[SSHGuard-users] Enhancement Idea: Add Logging "Verbosity" Command-Line Option?

[Jim S. <jse...@Li...>]

Hi Again,

Doing some experimental coding on sshguard and watching for effects
in real-time, I've run into something of an inconvenience.

I can "tail -f <logfile> |grep yadda-yadda-yadda" to see what's logged
to auth.log, but, if sshguard is watching multiple logs that doesn't
show me all I want to see w/o opening multiple windows and tailing
multiple logfiles.

So I'm thinking:

    . Change the "version" command line switch from "-v" to "-V",
      and...

    . Make "-v" a "verbose" switch to cause sshguard to emit more
      information to wherever it's logging.  Info such as:

      sshguard: Detected: service name: "postfix", service: 260,
       ip addr: 192.168.1.2, ip_type: 4, dangerousness: 10

Maybe make "-v" take a verbosity level argument?

What think y'all?

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

Re: [SSHGuard-users] Enhancement Idea: Add Logging "Verbosity" Command-Line Option?

[Kevin Z. <kev...@gm...>]

On 3/15/22 11:18 AM, Jim Seymour wrote:
> I can "tail -f <logfile> |grep yadda-yadda-yadda" to see what's logged
> to auth.log, but, if sshguard is watching multiple logs that doesn't
> show me all I want to see w/o opening multiple windows and tailing
> multiple logfiles.

If you want to watch multiple log files from one terminal, remember that 
you can pass multiple files to 'tail -f'. For example:

$ tail -f /var/log/auth.log /var/log/maillog

Alternatively, you can run the sshg-logtail script installed in libexec, 
which is a wrapper around the different ways that you invoke tail on 
different operating systems.

> So I'm thinking:
> 
>      . Change the "version" command line switch from "-v" to "-V",
>        and...
> 
>      . Make "-v" a "verbose" switch to cause sshguard to emit more
>        information to wherever it's logging.  Info such as:
> 
>        sshguard: Detected: service name: "postfix", service: 260,
>         ip addr: 192.168.1.2, ip_type: 4, dangerousness: 10
> 
> Maybe make "-v" take a verbosity level argument?

Improvements that would make it easier to see what SSHGuard is doing are 
certainly welcome.

Would sshg-logtail | sshg-parser -a (in annotate mode) be closer to what 
you are looking for?

(What exactly are you trying to see? Which attacks that SSHGuard would 
have detected in real time?)

Regards,
Kevin

Re: [SSHGuard-users] Enhancement Idea: Add Logging "Verbosity" Command-Line Option?

[Jim S. <jse...@Li...>]

On Wed, 23 Mar 2022 10:32:59 -0700
Kevin Zheng <kev...@gm...> wrote:

> On 3/15/22 11:18 AM, Jim Seymour wrote:
[snip]
> 
> If you want to watch multiple log files from one terminal, remember
> that you can pass multiple files to 'tail -f'. For example:
> 
> $ tail -f /var/log/auth.log /var/log/maillog

*sigh*  Y'know, I've been installing, configuring, administering,
maintaining, and using various flavors of *nix for about 35 years,
and I did not know that! <smh>

> 
[snip]
> 
> Would sshg-logtail | sshg-parser -a (in annotate mode) be closer to
> what you are looking for?

I do not know.  I'll look into it.

> 
> (What exactly are you trying to see? Which attacks that SSHGuard
> would have detected in real time?)

In the development/debug of the regexp code I'm working on: To see
each individual attack detection as it happens.  E.g. (from my code):

    sshguard[31417]: parse_line_re(): detected: service name:
     "postfix", service: 260, ip addr: "80.82.77.33", ip_type: 4

(I need to add "dangerousness" to that.)

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.

Re: [SSHGuard-users] Enhancement Idea: Add Logging "Verbosity" Command-Line Option?

[Michel M. <cm...@li...>]

Out of topiv

Le 23 mars 2022 18:46:34 GMT+01:00, Jim Seymour <jse...@Li...> a
>
>*sigh*  Y'know, I've been installing, configuring, administering,
>maintaining, and using various flavors of *nix for about 35 years,
>and I did not know that! <smh>

Ah ah ! Neither me, after 26 years sysadmining solaris, hpux, irix, 
.. 

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.