Recently I was trying out rsyslogd, partially because I want to set up a log server, but the built-in syslogd can't send encrypted log messages to a remote log server. First I read there is a solution using stunnel to create an encrypted tunnel around log messages. Another article suggests that we should just use rsyslogd.
rsyslogd is designed to be compatible with the original syslogd, but I found that the configuration used to send failed login attempts to sshguard doesn't work in rsyslogd anymore:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
So after some research I came up with this solution:
First, make a named pipe:
# mkfifo /var/log/sshguard.fifo
Tell rsyslogd to send messages to that pipe. In /usr/local/etc/rsyslog.conf, add:
auth.info;authpriv.info |/var/log/sshguard.fifo
Feed the pipe into sshguard and put this command in the background:
# cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &
Put the above command inside /etc/rc.local, so that it is executed automatically at boot.
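The steps above can also be wrapped in a small helper, shown here as an added example that is not part of the original post. It keeps the FIFO readable and writable by its owner only, so nothing but the root-run rsyslogd can write lines that sshguard will act on, and it opens the FIFO read-write so sshguard does not see EOF and exit when rsyslogd restarts. The function names and the "start" argument are hypothetical, and it assumes sshguard reads log lines on stdin, as in the cat pipeline above.

```shell
#!/bin/sh
# Added example (not from the original post): rc.local helper for the
# rsyslogd -> FIFO -> sshguard feed. Paths are the ones used in the post;
# function names and the "start" argument are hypothetical.
FIFO=/var/log/sshguard.fifo
SSHGUARD=/usr/local/sbin/sshguard

# Create the FIFO if it is missing and force mode 0600, so only its owner
# (root, when run from rc.local) can read from or write to it.
ensure_fifo() {
    path=$1
    if [ -e "$path" ] && [ ! -p "$path" ]; then
        echo "ensure_fifo: $path exists and is not a FIFO" >&2
        return 1
    fi
    if [ ! -p "$path" ]; then
        (umask 077 && mkfifo "$path") || return 1
    fi
    chmod 600 "$path"
}

# Run a consumer with stdin opened read-write (<>) on the FIFO.
# Because the consumer itself holds a write end, it never sees EOF when
# rsyslogd closes the pipe on restart, and no extra cat process is needed.
# Assumption: opening a FIFO read-write is unspecified by POSIX, but it
# works on FreeBSD and Linux.
feed_fifo() {
    path=$1
    shift
    "$@" <> "$path"
}

# Entry point for /etc/rc.local: sh /path/to/this-script start
if [ "${1:-}" = "start" ]; then
    ensure_fifo "$FIFO" && feed_fifo "$FIFO" "$SSHGUARD" &
fi
```

Without the "start" argument the script only defines the functions, so it can be sourced and checked against a scratch FIFO before it goes into rc.local.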