SSHGuard interfaces with the system at two points:
- the logging system (how sshguard receives log messages to monitor)
- the firewall (how sshguard blocks naughty addresses)
As SSHGuard understands different log formats transparently, it can be interfaced with a variety of logging systems.
Before version 1.5, the logging-system interface had to be set up explicitly, that is, you had to tell your system to give logs to SSHGuard:
Since version 1.5, SSHGuard instead comes with the Log Sucker. With the Log Sucker, SSHGuard fetches log entries proactively and transparently handles events such as rotated log files and files disappearing and reappearing. The Log Sucker was written to eliminate the configuration burden on the logging system side, and to allow SSHGuard to poll many log sources at once.
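The behaviour described for the Log Sucker can be sketched as a polling reader. This is an added example, not SSHGuard's own code: it detects rotation by comparing device/inode identity, detects in-place truncation by size, and tolerates a file that is temporarily missing. The names `LogSource` and `poll_all` and the sample log lines are constructed for illustration.

```python
import os

class LogSource:
    """One polled log file: remembers which file it read and how far."""

    def __init__(self, path):
        self.path = path
        self.ident = None  # (st_dev, st_ino) of the file last read
        self.offset = 0    # bytes of that file already consumed

    def poll(self):
        """Return the complete lines added since the previous poll."""
        try:
            fh = open(self.path, "rb")
        except FileNotFoundError:
            # Source vanished (e.g. mid-rotation): forget it, retry next poll.
            self.ident, self.offset = None, 0
            return []
        with fh:
            st = os.fstat(fh.fileno())
            ident = (st.st_dev, st.st_ino)
            if ident != self.ident or st.st_size < self.offset:
                # Different file under this name, or truncated: start over.
                self.ident, self.offset = ident, 0
            fh.seek(self.offset)
            data = fh.read()
        # Consume only up to the last newline so a half-written entry is
        # left for the next poll instead of being parsed incomplete.
        end = data.rfind(b"\n") + 1
        self.offset += end
        return data[:end].decode("utf-8", "replace").split("\n")[:-1]

def poll_all(sources):
    """Poll several sources in one pass, returning (path, line) pairs."""
    return [(s.path, line) for s in sources for line in s.poll()]

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "auth.log")  # constructed sample
    src = LogSource(path)
    with open(path, "w") as f:
        f.write("sshd[100]: Failed password for root from 192.0.2.10\n")
    print(src.poll())
    os.rename(path, path + ".1")  # simulate rotation
    with open(path, "w") as f:
        f.write("sshd[101]: Failed password for admin from 192.0.2.11\n")
    print(src.poll())  # entry from the new file, not a stale offset
```

A file that is removed and recreated between two polls with a reused inode and a larger size is not detected by this sketch; closing that gap means polling more often or also comparing file timestamps.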
These are the available blocking backends (choose yours):