Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    After 2.6RC upgrade sshguard exits every 5 min

    Scheduled Pinned Locked Moved CE 2.6.0 Development Snapshots (Retired)
    13 Posts 6 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grandrivers
      last edited by

      was seeing that every hour appears to have quit a couple days ago not sure how or why it quit

      pfsense plus 25.03 super micro A1SRM-2558F
      C2558 32gig ECC  60gig SSD

      1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate
        last edited by

        Please provide more details about your configuration:

        1. Installed packages
        2. /etc/crontab content
        3. VPN configuration type
        4. Any other service configuration
        P 1 Reply Last reply Reply Quote 0
        • P
          pete35 @viktor_g
          last edited by

          @viktor_g

          crontab:

          1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
          1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
          1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
          */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
          30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
          1 0 * * * root /usr/bin/nice -n20 /etc/rc.update_pkg_metadata
          */1 * * * * root /usr/sbin/newsyslog
          1 3 * * * root /etc/rc.periodic daily
          15 4 * * 6 root /etc/rc.periodic weekly
          30 5 1 * * root /etc/rc.periodic monthly

          packages : frr with ospf

          3 IPSEC tunnels P2P

          services? there are some standard services, no particular others than with pfsense 2.5.2

          while searching the i-net, there are some problems with sshguard and logfile rotations ...

          <a href="https://carsonlam.ca">bintang88</a>
          <a href="https://carsonlam.ca">slot88</a>

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            sshguard monitors the logs for failed connection attempts and it has to restart when the logs are rotated.
            If you have the logs set to a very small size or you have something that filling the logs very quickly, like an IPSec tunnel failing to connect, you will see it frequently restarting.

            I see that here on test boxes that often have broken config for various things. We may need to add something to suppress it's own logs. 🤔

            Steve

            N P 2 Replies Last reply Reply Quote 0
            • N
              netblues @stephenw10
              last edited by

              @stephenw10 Log size was at 1Mbyte.
              Made it 100Mbytes. Lets see if it goes "away"

              1 Reply Last reply Reply Quote 0
              • P
                pete35 @stephenw10
                last edited by

                @stephenw10
                there are no failing tunnels here... setting the log size to 2Mbytes ...

                <a href="https://carsonlam.ca">bintang88</a>
                <a href="https://carsonlam.ca">slot88</a>

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  It might not be the ipsec log causing it. It could be several logs rotating frequently.
                  It should be pretty easy to check which log has the newsyslog entry at the same time though.

                  Steve

                  P N 2 Replies Last reply Reply Quote 0
                  • P
                    pete35 @stephenw10
                    last edited by

                    @stephenw10

                    Setting the log size from default 512000 Bytes to 2 MBytes helps. No more frequent sshguard exits are logged.
                    Maybe that default for the log size should be updated for the 2.6 Release. It logs under "authentication" and in the general systemlog. Even that is annoying and should be corrected.

                    Thanks!

                    <a href="https://carsonlam.ca">bintang88</a>
                    <a href="https://carsonlam.ca">slot88</a>

                    1 Reply Last reply Reply Quote 0
                    • N
                      netblues @stephenw10
                      last edited by

                      @stephenw10 said in After 2.6RC upgrade sshguard exits every 5 min:

                      It might not be the ipsec log causing it. It could be several logs rotating frequently.
                      It should be pretty easy to check which log has the newsyslog entry at the same time though.

                      Steve

                      No ip sec here.
                      Increasing the log size, "solves" it

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        I opened a bug to track this: https://redmine.pfsense.org/issues/12747

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.