Logging from raw files
In this scenario, sshguard reads
externally the log activity from one or more log files.
If you run sshguard version 1.5 or above, use the Log Sucker.
The tail+sshguard combo
Versions before 1.5 receive log entries only from standard input.
This is done with the help of the tail utility:
tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguardAdjust the paths of the raw file, and of sshguard if installed in a different location.
If the -F option is not available in your system and the log file rotates, use -f (lowercase) and setup logrotate to kill and reissue the command.
Latest Releases View all»
F.A.Q. View all»
- What is sshguard?Sshguard is a small program that monitors services running on your machine from the log files. When it ...
- I use IPFW and IPs are not successfully blockedFor minimizing the intrusiveness, sshguard puts blocking rules very low in the IPFW chain (with IDs from 55000 ...
- Sshguard does not workYou have one of these problems: sshguard is not given logs correctly sshguard cannot run the commands for ...