Sshguard interfaces to the system in two points:

  • the logging system (how sshguard receives log messages to monitor)
  • the firewall (how sshguard blocks naughty addresses)

Logging System

As SSHGuard understands different log formats transparently, it can be interfaced with a variety of logging systems.

Before version 1.5, the logging system point-of-interface must be setup — that is, you must tell your system to give logs to SSHGuard:

Since version 1.5 instead, sshguard comes with the Log Sucker. With the Log Sucker, SSHGuard fetches log entries proactively, and handles transparently events like rotated log files and files disappearing and reappearing. The Log Sucker has been written to zero the configuration burden on the logging system side, and to allow SSHGuard to poll many log sources at once.

Blocking Backends

These are the available blocking backends (choose yours):

Latest Releases View all»

  • sshguard 1.5 This is a milestone release, coming after 18 months ...
  • sshguard 1.5 Sshguard monitors services through their logging activity. It reacts ...
  • sshguard 1.5rc4 This release candidate fixes the last known bugs submitted ...

F.A.Q. View all»