@johnpoz
Yes sir they said that I can disable that

It is a huge burden off my shoulders

@mtarbox said in sshguard and oddities in the daily system log email:

Nothing is hammering on the logs

Most probably because it isn't the 'ssh' server that hammers itself.
Some other process still keeps on going on port 22, but doesn't know that the ones living there has moved.
So sshguard won't see the warning messages from the ssh server in the logs and doesn't add its own.
Nothing in the logs doesn't mean nothing is happening.

If there is a rogue ssh client running somewhere, it should be detected and be accounted for.

wireshark on interface LAN host adresses "192.168.2.1" TCP port 22" and see what pops up.
Try all the interfaces.

@ibbetsion said in sshguard complaining about an attack from the pfSense system itself?:

192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router

This is a WAN interface ...

192.168.7.1 is the IP of the pfSense firewall itself (WAN1)

Another WAN interface ...

192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2)

And another WAN interface ...

No LAN(s) ?

Remove all rules on all WAN interfaces.
The default action will be block all (DROP) - so sshguard won't be bothered again.