• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

sshguard exiting every minute

Scheduled Pinned Locked Moved General pfSense Questions
7 Posts 3 Posters 3.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    terryzb
    last edited by Jun 30, 2022, 7:19 AM

    Brand new pfSense user here on a 2100 running 22.01 with minimal configuration and 3 packages--avahi, aws-wizard and ipsec-profile-wizard. In System Logs I'm seeing this repeated over and over every second.

    Jun 27 20:34:00 sshguard 1733 Now monitoring attacks.
    Jun 27 20:35:00 sshguard 1733 Exiting on signal.
    Jun 27 20:35:00 sshguard 21380 Now monitoring attacks.
    Jun 27 20:36:00 sshguard 21380 Exiting on signal.
    Jun 27 20:36:00 sshguard 43538 Now monitoring attacks.
    Jun 27 20:37:00 sshguard 43538 Exiting on signal.
    Jun 27 20:37:00 sshguard 66480 Now monitoring attacks.
    Jun 27 20:38:00 sshguard 66480 Exiting on signal.
    Jun 27 20:38:00 sshguard 89694 Now monitoring attacks.

    Based on other posts here saying it's related to log rolling, I ssh'd in but don't see any log sizes that look odd to me.

    /var/log: ls -lhR
    total 1500
    -rw------- 1 root wheel 246K Jun 30 00:06 auth.log
    -rw------- 1 root wheel 329K Jun 29 23:57 dhcpd.log
    -rw-r--r-- 1 root wheel 9.8K Jun 26 20:17 dmesg.boot
    -rw------- 1 root wheel 238K Jun 30 00:13 filter.log
    -rw------- 1 root wheel 501K Jun 29 23:37 filter.log.0
    -rw------- 1 root wheel 501K Jun 29 22:28 filter.log.1
    -rw------- 1 root wheel 502K Jun 29 21:29 filter.log.2
    -rw------- 1 root wheel 522K Jun 29 21:03 filter.log.3
    -rw------- 1 root wheel 537K Jun 29 20:41 filter.log.4
    -rw------- 1 root wheel 600K Jun 29 20:34 filter.log.5
    -rw------- 1 root wheel 500K Jun 29 20:08 filter.log.6
    -rw------- 1 root wheel 86K Jun 27 11:40 gateways.log
    -rw------- 1 root wheel 500K Jun 26 11:48 gateways.log.0
    -rw------- 1 root wheel 500K Jun 26 10:48 gateways.log.1
    -rw------- 1 root wheel 500K Jun 26 09:48 gateways.log.2
    -rw------- 1 root wheel 500K Jun 26 08:48 gateways.log.3
    -rw------- 1 root wheel 500K Jun 26 07:48 gateways.log.4
    -rw------- 1 root wheel 500K Jun 26 06:48 gateways.log.5
    -rw------- 1 root wheel 500K Jun 26 05:48 gateways.log.6
    -rw------- 1 root wheel 0B Jun 26 20:17 ipsec.log
    -rw------- 1 root wheel 0B Jun 26 20:17 l2tps.log
    -rw-r--r-- 1 root wheel 0B Jun 27 15:52 lastlog
    drwxr-xr-x 2 root wheel 3B May 15 10:39 nginx
    -rw------- 1 root wheel 497K Jun 30 00:13 nginx.log
    -rw------- 1 root wheel 521K Jun 29 15:50 nginx.log.0
    -rw------- 1 root wheel 503K Jun 29 13:40 nginx.log.1
    -rw------- 1 root wheel 503K Jun 29 08:37 nginx.log.2
    -rw------- 1 root wheel 500K Jun 27 16:59 nginx.log.3
    -rw------- 1 root wheel 500K Jun 26 21:16 nginx.log.4
    -rw------- 1 root wheel 501K Jun 26 16:52 nginx.log.5
    -rw------- 1 root wheel 501K Jun 24 15:09 nginx.log.6
    drwxr-xr-x 2 root wheel 2B May 15 10:39 ntp
    -rw------- 1 root wheel 344K Jun 29 12:07 ntpd.log
    -rw------- 1 root wheel 499K Jun 24 04:03 ntpd.log.0
    -rw------- 1 root wheel 0B Jun 26 20:17 openvpn.log
    -rw------- 1 root wheel 0B Jun 26 20:17 poes.log
    -rw------- 1 root wheel 0B Jun 26 20:17 portalauth.log
    -rw------- 1 root wheel 0B Jun 26 20:17 ppp.log
    -rw------- 1 root wheel 111K Jun 29 23:40 resolver.log
    -rw------- 1 root wheel 38K Jun 28 10:54 routing.log
    -rw------- 1 root wheel 103K Jun 30 00:06 system.log
    -rw------- 1 root wheel 499K Jun 27 14:25 system.log.0
    -rw------- 1 root wheel 3.8K Jun 30 00:05 userlog
    -rw-r--r-- 1 root wheel 197B Jun 30 00:06 utx.lastlogin
    -rw------- 1 root wheel 533B Jun 30 00:06 utx.log
    -rw------- 1 root wheel 0B Jun 26 20:17 vpn.log
    -rw------- 1 root wheel 0B Jun 26 20:17 watchdogd.log
    -rw------- 1 root wheel 0B Jun 26 20:17 wireless.log

    ./nginx:
    total 1
    -rw-r--r-- 1 root wheel 0B May 15 10:39 error.log

    ./ntp:
    total 0

    Any suggestions?

    Thanks,
    Terry

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Jun 30, 2022, 1:21 PM

      It appears to be restarting once a minute. Or at least it was at that point which was 3 days ago. It's possible the filter logs were rotating every minute at that time and have since stopped so you're not seeing it now. Or are still seeing sshguard restarting?

      Steve

      T 1 Reply Last reply Jun 30, 2022, 3:28 PM Reply Quote 0
      • T
        terryzb @stephenw10
        last edited by Jun 30, 2022, 3:28 PM

        @stephenw10
        Sorry, late night post--I wrote every minute in the title but for some reason wrote every second in the text.

        It's calmed down now but still happening every 45-60 minutes, which I guess is more reasonable?

        Jun 30 04:19:00 sshguard 2118 Exiting on signal.
        Jun 30 04:19:00 sshguard 8210 Now monitoring attacks.
        Jun 30 05:06:00 sshguard 8210 Exiting on signal.
        Jun 30 05:06:00 sshguard 3059 Now monitoring attacks.
        Jun 30 06:05:00 sshguard 3059 Exiting on signal.
        Jun 30 06:05:00 sshguard 85502 Now monitoring attacks.
        Jun 30 07:01:00 sshguard 85502 Exiting on signal.
        Jun 30 07:01:00 sshguard 80116 Now monitoring attacks.
        Jun 30 07:51:00 sshguard 80116 Exiting on signal.
        Jun 30 07:51:00 sshguard 57403 Now monitoring attacks.

        S 1 Reply Last reply Jun 30, 2022, 3:44 PM Reply Quote 0
        • S
          SteveITS Galactic Empire @terryzb
          last edited by Jun 30, 2022, 3:44 PM

          @terryzb Double check you're not having excessive logging somewhere, or increase log size to slow rotation:
          https://forum.netgate.com/topic/171382/sshguard-exiting-on-signal

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          T 1 Reply Last reply Jun 30, 2022, 4:10 PM Reply Quote 0
          • T
            terryzb @SteveITS
            last edited by Jun 30, 2022, 4:10 PM

            @steveits
            Thanks Steve. On a new and mostly vanilla system, is /var/log the only place where logs would be written? As shown in my first post, I don't see any logs in there that would draw my attention.

            1 Reply Last reply Reply Quote 0
            • S
              stephenw10 Netgate Administrator
              last edited by Jun 30, 2022, 4:23 PM

              Yes. That looks like the same sort of period as the filter logs are rotating though, so almost certainly that.

              Increase the log size. Decrease what gets logged.

              Steve

              T 1 Reply Last reply Jun 30, 2022, 6:23 PM Reply Quote 0
              • T
                terryzb @stephenw10
                last edited by Jun 30, 2022, 6:23 PM

                @stephenw10
                Done! Thanks!

                1 Reply Last reply Reply Quote 0
                1 out of 7
                • First post
                  1/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received