sshguard exiting with status 1
Noticed in my logs (and in others) that sshguard is exiting with error code 1.
syslogd Logging subprocess xxxxx (exec /usr/local/sbin/sshguard) exited with status 1.
looking further into sbin/sshguard, that exit code is related to missing either FILES or LOGREADER in the conf file created by inc/syslog.inc. According to the sample conf, neither FILE or LOGREADER have default values, but the FILES statement is not commented out, suggesting it or LOGREADER is required.
Adding the following to /etc/inc/syslog.inc causes the sshguard.conf to be formed correctly and eliminates the message:
$sshguard_config = 'FILES="/var/log/auth.log /var/log/maillog"' . "\n";
I've been seeing this as well. It shouldn't be pointed at a log file directly since we call it from
syslogd. Something must have changed in its config recently to trigger the error. I opened https://redmine.pfsense.org/issues/9971 to look into it.