-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 sshguard prefers to use the "log-sucker" way of parsing authlog. I don't even have a mention of sshguard in syslog.conf.
the rc script just basically daemonises sshguard, and points it at /var/log/authlog # /etc/rc.d/sshguard daemon="/usr/local/sbin/sshguard" # REALLY Touchy version daemon_flags="-a 3 -l /var/log/authlog -w /var/db/sshguard/friends.db - -b 5:/var/db/sshguard/blacklist.db" # Less Touchy Version #daemon_flags="-l /var/log/authlog -w /var/db/sshguard/friends.db -b 5:/var/db/sshguard/blacklist.db" . /etc/rc.d/rc.subr rc_bg=YES rc_reload=NO rc_cmd $1 sshguard documentation on their website is quite thorough on how to install/use. The documentation on how to tweak is a little lacking though. All that is missing from an install of sshguard is the required entries into pf.conf, and which log files to monitor in the rc script. Works very, very well I might add. Good luck! Cheers Chris On 25/07/2012 08:04, Otto Moerbeek wrote: > On Wed, Jul 25, 2012 at 02:25:44PM +0200, Hasse Hansson wrote: > >> Hello all. >> # uname -a >> OpenBSD odin.thorshammare.org 5.2 GENERIC#13 i386 >> >> sshguard-1.5 >> Are we not supposed to use the entry in /etc/syslog.conf any more ? >> " auth.info;authpriv.info |/usr/local/sbin/sshguard " >> >> I get a message on my console saying: >> syslogd: unknown priority name "info |/usr/local/sbin/sshguard" >> >> The info about the syslog.conf entry seems to be gone in the install >> message too. >> >> All the best >> Hasse > > syslog is very picky about the difference between spaces and tabs. > Always use one or more tabs. > > -Otto Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQEBXQAAoJEFxdNdJhPdR3NK4IALCdIRU3ffb5W7l8rA1coIRR 6/UNM3IfOyBa1mO9750oiMzOCPS8qyGQ/93nt9xt8TcQC2XYV0gGhGBa0jDLXLNe ujRXBFHXoSmd4DZ60WaZ6Ej9+TNV3rN2WZRZRjXHWWtEm1dacTWhNDakBp3pCtY3 GYfFLWTQe5wSHVxrI/yB9eiCz6dCdwcL1xewTsQrTYtahtT46uPweCqjUCtx5pFv SogLHiWvA9qiUHhiPAoh/79KM11QDQGPpX+agm+LVA9/qkMuglAMhhaBM8IzXIIN qkJiz4KNGQuqLh2BfEetIr6bM44W3G3QTy+z+N1HEdRH3jayC+wkvb7TT91zEbk= =+k75 -----END PGP SIGNATURE-----
