Date: Wed, 10 Sep 2008 09:40:02 GMT
Message-Id: <200809100940.m8A9e2xo012261@freefall.freebsd.org>
To: freebsd-ports-bugs@FreeBSD.org
From: Mij
Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
Reply-To: Mij

The following reply was made to PR ports/126867; it has been noted by GNATS.

From: Mij
To: Michael
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
Date: Wed, 10 Sep 2008 11:24:14 +0200

The way syslog is configured in a default system wrt what finishes into
"auth.log" should impact sshguard only if you poll its content with the
so-called "tail+sshguard combo"

http://sshguard.sourceforge.net/doc/setup/loggingrawfile.html

Under FreeBSD this is not the recommended way (this is the way the port
prepares the system), as the system implementation of syslog supports
pipes to external tools:

http://sshguard.sourceforge.net/doc/setup/loggingsyslog.html

In this latter approach, no matter what the original configuration of
the system is, syslog is set up to feed sshguard with both messages.
Please check that as follows:

1) enable this line:

   auth.info;authpriv.info |exec /usr/local/sbin/sshguard

   high in the /etc/syslog.conf file.

2) run

   /etc/rc.d/syslogd reload

If sshguard is still not blocking, you can investigate it further piping
from syslog to an instance of tee that logs and passes through to
sshguard.

On Sep 6, 2008, at 12:04 , Michael wrote:

> No, I'm talking about auth.log. Seriously.
> What about trying it on your own on a fresh install?
>
> Mij wrote:
>> The fact you say there is only a single line and "the system logs"
>> make me think you're considering /var/log/messages,
>> there authentication messages do not appear. What about
>> /var/log/auth.log (or any other destination you set for auth.info)?
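
One way to set up the tee-based check suggested in the reply above, as an added example that is not part of the original message, of sshguard, or of the FreeBSD port. The script name `sshguard-tap`, the capture file path and the two grep patterns (common OpenSSH failure messages, not sshguard's own parser) are assumptions; the sample log lines are constructed.

```shell
#!/bin/sh
# Added diagnostic wrapper; not part of sshguard or the FreeBSD port.
# Assumed install path /usr/local/sbin/sshguard-tap, used from /etc/syslog.conf as:
#   auth.info;authpriv.info    |exec /usr/local/sbin/sshguard-tap run
TAP_LOG="${TAP_LOG:-/var/log/sshguard-input.log}"   # assumed capture file
SSHGUARD="${SSHGUARD:-/usr/local/sbin/sshguard}"    # path used in the reply above

# tap LOGFILE CMD...: append stdin to LOGFILE (created mode 0600, since auth
# messages carry usernames and addresses) and pass every line on to CMD.
tap() {
    log=$1; shift
    ( umask 077; tee -a "$log" ) | "$@"
}

# Number of captured lines that came from sshd at all. Zero means syslogd is
# not delivering sshd messages to the pipe, so sshguard has nothing to parse.
count_sshd_lines() {
    grep -c 'sshd\[[0-9]*]:' "$1" || true
}

# Number of captured lines that look like failed logins (assumed patterns).
# Non-zero here with no blocking points at sshguard rather than at syslog.
count_auth_failures() {
    grep -E -c 'sshd\[[0-9]+]: (Invalid user |Failed [^ ]+ for )' "$1" || true
}

# Self-check on constructed sample lines, with cat standing in for sshguard.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'Sep 10 09:00:01 host sshd[1234]: Invalid user admin from 192.0.2.10' \
        'Sep 10 09:00:03 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2' \
        'Sep 10 09:00:09 host sshd[1250]: Accepted publickey for alice from 192.0.2.20 port 5122 ssh2' \
        'Sep 10 09:00:12 host su: alice to root on /dev/pts/0' > "$dir/in"
    tap "$dir/cap" cat < "$dir/in" > "$dir/out"
    cmp -s "$dir/in" "$dir/out" && passed=yes || passed=no
    echo "passthrough=$passed sshd=$(count_sshd_lines "$dir/cap") failures=$(count_auth_failures "$dir/cap")"
    rm -rf "$dir"
}

# Only take over stdin when syslogd starts the script with the "run" argument.
if [ "${1:-}" = "run" ]; then
    tap "$TAP_LOG" "$SSHGUARD"
fi
```

After reloading syslogd and making a failed login attempt, running the two count functions against the capture file shows whether the messages reached the pipe at all; remove the tap and restore the direct sshguard line once the check is done.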