- changed status to open
Lower log verbosity for whitelist hit
Issue #53
resolved
Reading sshguard_log.c it looks like LOG_AUTH is hardwired into sshguard. That means it logs its activities to the same place that it reads from. This doesn't appear configurable. Ideally the syslog facility should be configurable somehow. (e.g., command line option)
My problem is that I have a whitelisted host that is checking some services via nagios. Something about how it is doing things causes sshguard to want to block it. That's fine. I put it in the whitelist. Now I have a steady stream of these log messages: Dec 24 15:12:29 xxxx sshguard[85128]: xx.xx.xx.xx: not blocking (on whitelist)
They're logged at auth.info and I can't change that. I'd like to have sshguard either not log its info-level stuff, or log it to a configurable facility. I might have authenticating services running who log at auth.info and I want sshguard to see those auth.info posts for its purposes. But I hate seeing a message every 5 minutes from sshguard itself saying that (for the umpteenth time) it didn't block something because it was on the whitelist.
Comments (4)
-
-
reporter
That would work for me.
-
- changed status to resolved
Committed in bfbd189, thanks!
-
- changed title to Lower log verbosity for whitelist hit
-
assigned issue to
Kevin Zheng
- Log in to comment
Sounds to me that the "not blocking" messages should be set to debug priority.