SSHGuard interfaces with the system at two points:
- the logging system (how sshguard receives log messages to monitor)
- the firewall (how sshguard blocks naughty addresses)
Logging System
As SSHGuard understands different log formats transparently, it can be interfaced with a variety of logging systems.
Before version 1.5, the logging system point of interface must be set up; that is, you must tell your system to give logs to SSHGuard:
Since version 1.5, SSHGuard instead comes with the Log Sucker. With the Log Sucker, SSHGuard fetches log entries proactively and transparently handles events such as log files being rotated or disappearing and reappearing. The Log Sucker was written to remove the configuration burden on the logging system side and to allow SSHGuard to poll many log sources at once.
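What rotation-aware polling of several log files involves, as an added sketch in Python: this is not SSHGuard's Log Sucker code, and `LogSource` and `poll_all` are hypothetical names. It assumes a rotation shows up either as a new inode at the same path or as the same file shrinking in place.

```python
import os

class LogSource:
    """One polled log file: remembers file identity and read offset."""

    def __init__(self, path):
        self.path = path
        self.ident = None    # (st_dev, st_ino) of the file last read
        self.offset = 0      # next byte to read in that file
        self.partial = b""   # trailing bytes not yet ended by a newline

    def poll(self):
        """Return the complete lines that appeared since the last poll."""
        try:
            fh = open(self.path, "rb")
        except FileNotFoundError:
            # File disappeared (for instance mid-rotation): forget its
            # identity and try again on the next poll.
            self.ident = None
            return []
        with fh:
            # fstat the open descriptor so identity and data match even
            # if the path is swapped again right after open().
            st = os.fstat(fh.fileno())
            ident = (st.st_dev, st.st_ino)
            if ident != self.ident:
                # New, reappeared or rotated file: read from its start.
                self.ident, self.offset, self.partial = ident, 0, b""
            elif st.st_size < self.offset:
                # Same file truncated in place (copy-and-truncate rotation).
                self.offset, self.partial = 0, b""
            fh.seek(self.offset)
            data = fh.read()
            self.offset = fh.tell()
        # Keep an unterminated tail for the next poll instead of emitting
        # half a log entry to the attack parser.
        *lines, self.partial = (self.partial + data).split(b"\n")
        return [ln.decode("utf-8", "replace") for ln in lines]

def poll_all(sources):
    """Poll many sources in one pass; returns (path, line) pairs."""
    return [(s.path, line) for s in sources for line in s.poll()]
```

A file that is truncated and then grows past the old offset between two polls is not detected by the size check, so the polling interval bounds how much can be missed in that case.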
Blocking Backends
These are the available blocking backends (choose yours):
- sshguard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- sshguard with netfilter/iptables (Linux)
- sshguard with IPFW (FreeBSD, Mac OS X)
- sshguard with IP FILTER (FreeBSD, NetBSD, Solaris)
- sshguard with TCP wrappers / hosts.allow (almost any UNIX system)