Logging from raw files

In this scenario, sshguard reads externally the log activity from one or more log files.

If you run sshguard version 1.5 or above, use the Log Sucker.

The tail+sshguard combo

Versions before 1.5 receive log entries only from standard input.

This is done with the help of the tail utility: 

tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguard
Adjust the paths of the raw file, and of sshguard if installed in a different location.

If the -F option is not available in your system and the log file rotates, use -f (lowercase) and setup logrotate to kill and reissue the command.

Lates Releases View all»

  • sshguard 1.5rc3 This release contains improvements to blacklisting, the Log Sucker, ...
  • sshguard 1.5rc2 This release fixes compilation issues on Solaris, fixes the ...
  • sshguard 1.5rc1 With respect to 1.5beta3, this release completes support for ...

F.A.Q. View all»