Excessive log messages when polling from files

Comments (15)

1. 

   Bruno Friedmann reporter

   • edited description

   • 2016-03-06T20:29:43+00:00
2. 

   Kevin Zheng

   It sounds like you have the debugging flag enabled. Have you tried unsetting SSHGUARD_DEBUG in your environment?

   • 2016-03-06T22:53:42+00:00
3. 

   Bruno Friedmann reporter

   I'm using this patch actually cause the log is always flooding with or without the SSHGUARD_DEBUG (which give other informations if setup)

   diff --git i/src/sshguard_logsuck.c w/src/sshguard_logsuck.c
   index d6b4e2b..0588b44 100644
   --- i/src/sshguard_logsuck.c
   +++ w/src/sshguard_logsuck.c
   @@ -286,7 +286,7 @@ static int refresh_files() {
        }
        list_iterator_stop(& sources_list);
   
   -    sshguard_log(LOG_INFO, "Refreshing sources showed %u changes.", numchanged);
   +    /* sshguard_log(LOG_INFO, "Refreshing sources showed %u changes.", numchanged); */
        return 0;
    }
   

   • 2016-03-07T14:59:08+00:00
4. 

   Kevin Zheng

   Are you using log sucker with only standard input? If you're only reading from standard input, omit the -l argument. You should use -l - only when you're also reading from a file.

   • 2016-03-09T20:53:45+00:00
5. 

   Kevin Zheng

   • changed title to Excessive error messages when polling standard input
   • assigned issue to
     
     Kevin Zheng
   • marked as minor

   • 2016-03-09T20:55:39+00:00
6. 

   Lodvær

   I also have this issue, while reading only one log with -l <logfile>. I think it is caused by logging to the same file one reads from. Every time a line is read, it logs "Refreshing sources showed 0 changes.", which is then read, again triggering it to log.

   • 2016-03-10T12:34:39+00:00
7. 

   gedge

   Running sshguard (FreeBSD port), getting this error:

   Mar 13 01:37:52 wholly sshguard[14033]: Refreshing sources showed 0 changes.
   Mar 13 01:38:23 wholly last message repeated 116 times
   Mar 13 01:40:24 wholly last message repeated 342 times
   

   endless logging, not using -l -

   • 2016-03-13T02:09:44+00:00
8. 

   Kevin Zheng

   Could you include your SSHGuard invocation? Is it using -l with only one file? Is the file /var/log/auth.log?

   • 2016-03-13T02:30:56+00:00
9. 

   Lodvær

   sshguard -l /var/log/socklog/secure/current -b 200:/var/db/sshguard/blacklist.db

   /var/log/socklog/secure/current has auth messages.

   • 2016-03-13T12:08:39+00:00
10. 

    gedge

    Stock FreeBSD args (src)

    # ps auxww|grep ssh[g]
    root    7343   0.0  0.0  1344   3104  -  Is    2:09am     0:05.65 /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -l /var/log/auth.log -l /var/log/maillog -a 40 -p 420 -s 1200 -w /usr/local/etc/sshguard.whitelist
    

    • 2016-03-13T13:05:49+00:00
11. 

    Bruno Friedmann reporter

    Sorry was away during the week ... My usage is the following

    /usr/bin/journalctl -u sshd -u pure-ftpd -u dovecot -u postfix -alfb --no-pager -p info -n1 -o cat | /usr/sbin/sshguard -l- -a 50 -p 3600 -s 7200 -w /var/lib/sshguard/whitelist.db -b 100:/var/lib/sshguard/blacklist.db SYSLOG_FACILITY=10
    

    @Partmedia if I understand correctly your statement in previous comment, in that sort of case, we should remove the -l- ? Then it's a breakage from previous version, and we should adapt comments, documentation.

    • 2016-03-13T13:20:29+00:00
12. 

    Kevin Zheng

    • changed title to Excessive log messages when polling from files
    • marked as major

    • 2016-03-17T04:14:35+00:00
13. 

    Kevin Zheng

    Issue #26 was marked as a duplicate of this issue.

    • 2016-03-17T04:16:13+00:00
14. 

    Kevin Zheng

    • changed status to resolved

    Fixed in 43ff612, thanks!

    • 2016-03-17T04:50:26+00:00
15. 

    Kevin Zheng

    Issue #33 was marked as a duplicate of this issue.

    • 2016-04-22T22:16:29+00:00
16. Log in to comment