M. Schatzl wrote:
Hi list,
is there a reason why the OpenBSD-shipped syslogd cannot write
directly into a pipe? This would come in quite handy for just-in-time
log-processing.
Pipes can go away and block, what should syslogd do then? I would bet
that semantics that are good for you absolutely suck for some other
legitimate user.
Just use "tail -f" as the source of your pipe and all your problems go
away.
In this case, it's a script scanning for invalid ssh-logins invoked by
auth.info. It then appends the IP to a lockout-table via pfctl.
If ssh brute force attempts are your concern then you could just ensure
that you enforce good passwords.
-d
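
The setup discussed in this thread ("tail -f" feeding a script that adds addresses to a pf table), sketched as an added example that is not part of the original messages. The table name, threshold and sample log lines are assumptions; it handles IPv4 only and prints the pfctl commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
TABLE="lockout"   # hypothetical pf table name
THRESHOLD=3       # assumed number of failures before listing an address

# Read auth log lines on stdin; print each IPv4 source once, at the moment
# it reaches THRESHOLD failed sshd password attempts.
offenders() {
    awk -v max="$THRESHOLD" '
    /sshd.*Failed password/ {
        # The user name is attacker-controlled and may itself contain
        # " from <addr>", so take the token after the LAST "from".
        ip = ""
        for (i = NF - 1; i > 0; i--)
            if ($i == "from") { ip = $(i + 1); break }
        # Pass only strict dotted-quad strings on toward pfctl.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (++count[ip] == max) { print ip; fflush() }
    }'
}

# Add each address to the table; DRY_RUN=1 (the default) only prints.
block() {
    while read -r ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "pfctl -t $TABLE -T add $ip"
        else
            pfctl -t "$TABLE" -T add "$ip"
        fi
    done
}

# Constructed sample lines; the fourth hides a decoy address in the user name.
sample() {
cat <<'EOF'
Mar  3 10:00:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40111 ssh2
Mar  3 10:00:03 gw sshd[4101]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:05 gw sshd[4102]: Accepted publickey for alice from 198.51.100.7 port 50222 ssh2
Mar  3 10:00:07 gw sshd[4103]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.5 port 40113 ssh2
Mar  3 10:00:09 gw sshd[4104]: Failed password for root from 192.0.2.44 port 40200 ssh2
EOF
}

# Live use, following the thread (OpenBSD default log path, run as root):
#   tail -f /var/log/authlog | offenders | DRY_RUN=0 block
```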