Using sshguard with rsyslogd on FreeBSD

Recently I was trying out rsyslogd, partially because I want to set up a log server, but the built-in syslogd can’t send log messages to a remote log server encrypted. First I read there is a solution using stunnel to create an encrypted tunnel around log messages. Another article suggests that we should just use rsyslogd.

rsyslogd is designed to be compatible with the original syslogd, but I found that the configuration used to send failed login attempts to sshguard doesn’t work in rsyslogd anymore:

auth.info;authpriv.info |exec /usr/local/sbin/sshguard

So after some research I came up with this solution:

First, make a named pipe:

# mkfifo /var/log/sshguard.fifo

Tell rsyslogd to send messages to that pipe. In /usr/local/etc/rsyslog.conf, add:

auth.info;authpriv.info                         |/var/log/sshguard.fifo

Feed the pipe into sshguard and run the command in the background:

# cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &

Put the above command inside /etc/rc.local, so that it runs automatically at boot.
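
A hardened variant of the steps above, as an added example that is not part of the original post: it keeps the pipe at mode 0600 so other local users cannot read or write it, and reopens the pipe after rsyslogd closes it, since a bare cat exits at EOF and takes sshguard's input with it. The paths are the ones used in the post; the function names ensure_fifo, feed_fifo and start_guard and the "start" argument are chosen for this example.

```sh
#!/bin/sh
# Added example: hardened variant of the rc.local one-liner from the post.
# Paths come from the post; the function names are chosen for this example.
FIFO="${FIFO:-/var/log/sshguard.fifo}"
SSHGUARD="${SSHGUARD:-/usr/local/sbin/sshguard}"

# Create the FIFO with mode 0600, or validate an existing one.
# Fails if the path exists but is not a FIFO, or if the FIFO is owned by
# a different user than the one running this script (root in rc.local).
ensure_fifo() {
    path=$1
    if [ -e "$path" ] && [ ! -p "$path" ]; then
        echo "refusing: $path exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$path" ] || (umask 077 && mkfifo "$path") || return 1
    if [ ! -O "$path" ]; then
        echo "refusing: $path is owned by another user" >&2
        return 1
    fi
    chmod 600 "$path"
}

# Copy the FIFO to stdout, reopening it after every EOF. A bare cat exits as
# soon as the writer closes the pipe (for example when rsyslogd restarts),
# which would also end sshguard's input. Stops once the FIFO is removed.
feed_fifo() {
    while [ -p "$1" ]; do
        cat "$1"
    done
}

# Intended to be called from /etc/rc.local as: /path/to/this-script start
start_guard() {
    ensure_fifo "$FIFO" || return 1
    feed_fifo "$FIFO" | "$SSHGUARD" &
}

if [ "${1:-}" = "start" ]; then
    start_guard
fi
```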
