Install SSH Guard

Do the Installs

apt-get install syslog-ng
apt-get install sshguard

Create the Start-Up

cat > /etc/syslog-ng/conf.d/00load-sshguard.conf 
# pass only entries with auth+authpriv facilities from programs other
# than sshguard
filter f_sshguard { facility(auth, authpriv) and not program("sshguard"); };
# pass entries built with this format
destination sshguard {
        template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
log { source(s_src); filter(f_sshguard); destination(sshguard); };

Restart Logging and SSH Guard

service syslog-ng restart
service sshguard restart
Last modified 7 years ago Last modified on Jul 19, 2013, 3:52:50 PM