sshguard exiting with status 1

A Former User · Dec 16, 2019, 3:04 PM

Noticed in my logs (and in others) that sshguard is exiting with error code 1.

syslogd 	Logging subprocess xxxxx (exec /usr/local/sbin/sshguard) exited with status 1.

looking further into sbin/sshguard, that exit code is related to missing either FILES or LOGREADER in the conf file created by inc/syslog.inc. According to the sample conf, neither FILE or LOGREADER have default values, but the FILES statement is not commented out, suggesting it or LOGREADER is required.

Adding the following to /etc/inc/syslog.inc causes the sshguard.conf to be formed correctly and eliminates the message:

$sshguard_config[] = 'FILES="/var/log/auth.log /var/log/maillog"' . "\n";

jimp · Dec 16, 2019, 9:00 PM

I've been seeing this as well. It shouldn't be pointed at a log file directly since we call it from syslogd. Something must have changed in its config recently to trigger the error. I opened https://redmine.pfsense.org/issues/9971 to look into it.

Thanks!