After 2.6RC upgrade sshguard exits every 5 min

maverick_slo · Jan 30, 2022, 6:32 AM

Me too.
Random...

🔒 Log in to view

grandrivers · Jan 31, 2022, 1:54 PM

was seeing that every hour appears to have quit a couple days ago not sure how or why it quit

viktor_g · Jan 31, 2022, 2:10 PM

Please provide more details about your configuration:

Installed packages
/etc/crontab content
VPN configuration type
Any other service configuration

pete35 · Jan 31, 2022, 3:48 PM

@viktor_g

crontab:

1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
1 0 * * * root /usr/bin/nice -n20 /etc/rc.update_pkg_metadata
*/1 * * * * root /usr/sbin/newsyslog
1 3 * * * root /etc/rc.periodic daily
15 4 * * 6 root /etc/rc.periodic weekly
30 5 1 * * root /etc/rc.periodic monthly

packages : frr with ospf

3 IPSEC tunnels P2P

services? there are some standard services, no particular others than with pfsense 2.5.2

while searching the i-net, there are some problems with sshguard and logfile rotations ...

stephenw10 · Jan 31, 2022, 7:02 PM

sshguard monitors the logs for failed connection attempts and it has to restart when the logs are rotated.
If you have the logs set to a very small size or you have something that filling the logs very quickly, like an IPSec tunnel failing to connect, you will see it frequently restarting.

I see that here on test boxes that often have broken config for various things. We may need to add something to suppress it's own logs.

Steve

netblues · Jan 31, 2022, 7:30 PM

@stephenw10 Log size was at 1Mbyte.
Made it 100Mbytes. Lets see if it goes "away"

pete35 · Jan 31, 2022, 9:05 PM

@stephenw10
there are no failing tunnels here... setting the log size to 2Mbytes ...

stephenw10 · Feb 1, 2022, 5:52 AM

It might not be the ipsec log causing it. It could be several logs rotating frequently.
It should be pretty easy to check which log has the newsyslog entry at the same time though.

Steve

pete35 · Feb 1, 2022, 5:52 AM

@stephenw10

Setting the log size from default 512000 Bytes to 2 MBytes helps. No more frequent sshguard exits are logged.
Maybe that default for the log size should be updated for the 2.6 Release. It logs under "authentication" and in the general systemlog. Even that is annoying and should be corrected.

Thanks!

netblues · Feb 1, 2022, 7:30 AM

@stephenw10 said in After 2.6RC upgrade sshguard exits every 5 min:

It might not be the ipsec log causing it. It could be several logs rotating frequently.
It should be pretty easy to check which log has the newsyslog entry at the same time though.

Steve

No ip sec here.
Increasing the log size, "solves" it

stephenw10 · Feb 1, 2022, 3:00 PM

I opened a bug to track this: https://redmine.pfsense.org/issues/12747