Using sshguard with rsyslogd on FreeBSD

Recently I was trying out rsyslogd, partly because I want to set up a log server, but the built-in syslogd can’t send encrypted log messages to a remote log server. First I read that there is a solution using stunnel to create an encrypted tunnel around log messages. Another article suggests that we should just use rsyslogd.

rsyslogd is designed to be compatible with the original syslogd, but I found that the configuration used to send failed login attempts to sshguard doesn’t work in rsyslogd anymore:

auth.info;authpriv.info |exec /usr/local/sbin/sshguard

So after some research I came up with this solution:

First, make a named pipe:

# mkfifo /var/log/sshguard.fifo

Tell rsyslogd to send messages to that pipe. In /usr/local/etc/rsyslog.conf, add:

auth.info;authpriv.info                         |/var/log/sshguard.fifo

Feed the pipe into sshguard and put this command in the background:

# cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &

Put the above command inside /etc/rc.local, so that it runs automatically at boot.
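
Two things the steps above leave open: whoever can write to the FIFO can feed sshguard log lines of their choosing, and cat exits at end-of-file once rsyslogd closes the pipe (for example on a restart), which ends the pipeline. The script below is an added example, not part of the original setup; it creates the FIFO with mode 0600, refuses anything else at that path, and reopens the pipe after each end-of-file. The "run" argument and the script path in the comment are hypothetical; the FIFO and sshguard paths are the ones used above.

```sh
#!/bin/sh
# Added example (not from the original post): hardened replacement for the
# "cat fifo | sshguard &" line. Hypothetical rc.local entry:
#   /usr/local/sbin/sshguard-feed.sh run &

FIFO="${FIFO:-/var/log/sshguard.fifo}"            # path used in the article
SSHGUARD="${SSHGUARD:-/usr/local/sbin/sshguard}"  # path used in the article

# fifo_is_safe PATH
# True only if PATH is a real FIFO (not a symlink or regular file), has
# mode exactly 0600, and is owned by the user running this script
# (root when started from rc.local).
fifo_is_safe() {
    [ -n "$(find "$1" -prune -type p -perm 600 -user "$(id -u)" 2>/dev/null)" ]
}

# ensure_fifo PATH
# Create the FIFO with mode 0600 if nothing exists at PATH, then verify it.
# An existing object is never modified or replaced, only checked.
ensure_fifo() {
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then
        mkfifo -m 600 "$1" || return 1
    fi
    fifo_is_safe "$1"
}

# feed_sshguard
# Open the FIFO for sshguard, and reopen it whenever sshguard returns
# (end-of-file after every writer has closed the pipe). The FIFO is
# re-verified before each open, so a swapped or chmod-ed pipe stops the loop.
feed_sshguard() {
    while ensure_fifo "$FIFO"; do
        "$SSHGUARD" < "$FIFO"
        sleep 1   # avoid a tight loop if sshguard fails immediately
    done
    echo "refusing $FIFO: not a mode 0600 FIFO owned by uid $(id -u)" >&2
    return 1
}

# Start the loop only when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    feed_sshguard
fi
```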
