Logging from raw files
In this scenario, sshguard reads the log activity externally,
from one or more log files.
If you run sshguard version 1.5 or above, use the Log Sucker.
The tail+sshguard combo
Versions before 1.5 receive log entries only from standard input.
This is done with the help of the tail utility:
    tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguard
Adjust the paths of the raw file, and of sshguard if installed in a different location.
If the -F option is not available on your system and the log file rotates, use -f (lowercase) and set up logrotate to kill and reissue the command.
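One way to implement the kill-and-reissue step for the -f case, as an added example that is not part of the original page or of sshguard. The script name, the PID file location and the postrotate hook shown in the comments are assumptions, as is sshguard exiting once its standard input closes.

```shell
#!/bin/sh
# Added example, not part of sshguard: restart helper for the
# "tail -f | sshguard" pipeline on systems whose tail lacks -F.
# Assumed logrotate hook, placed in the stanza that rotates the log:
#   postrotate
#       /usr/local/sbin/sshguard-tail.sh restart   # hypothetical path
#   endscript

LOGFILE="${LOGFILE:-/var/log/auth.log}"
SSHGUARD="${SSHGUARD:-/usr/local/sbin/sshguard}"
PIDFILE="${PIDFILE:-/var/run/sshguard-tail.pid}"   # hypothetical location

start_pipeline() {
    # Record tail's PID, not sshguard's. Killing tail closes the pipe, so
    # the reader sees end-of-file; killing only the reader would leave an
    # orphaned tail still following the rotated (renamed) file.
    { tail -n0 -f "$LOGFILE" & echo $! > "$PIDFILE"; wait; } | "$SSHGUARD" &
}

stop_pipeline() {
    [ -f "$PIDFILE" ] || return 0
    kill "$(cat "$PIDFILE")" 2>/dev/null || true   # already gone is fine
    rm -f "$PIDFILE"
}

restart_pipeline() {
    # After rotation the old tail holds the renamed file open; replace it
    # with a fresh one that opens the newly created log file.
    stop_pipeline
    start_pipeline
}

case "${1:-}" in
    start)   start_pipeline ;;
    stop)    stop_pipeline ;;
    restart) restart_pipeline ;;
esac
```

Log lines written between the rotation and the restart are not seen by sshguard, so keep the postrotate hook as the first action after the file is recreated.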