Robert T Wyatt wrote:
[snip]
> The *only* messages sshd is sending to asl.log (with sshd_config using
> loglevel=verbose)

What is "loglevel=verbose"? That is wrong, the default sshd loglevel is INFO and there is no "verbose" level.

I noticed, in your first message, that the log included the level as numeric, which is unusual, and it was logging "[Level 4]" which is "WARNING", 2 levels below "INFO" (level 6)... so that might be the problem: the default log level in OS-X is too low.

Sorry, I don't use OS-X, so I'm not sure. OS-X is a relative of NeXTStep (later OpenStep) which I used for many years, and in turn they were BSD and Mach based... and they used normal syslog facilities and levels. Even if OS-X is using the newer syslog-ng (like many Linux distributions) the facilities and levels have not changed.

[snip]
> As you can see, these log messages do not contain the IP address of the
> offending host. The way I see it, I can either work on getting sshd to
> send log messages regarding the attacks or can try to get the
> SecurityServer to send the IP address.

Right, on a previous reply I started to describe an alternative but decided it was too much and never sent it. The alternative is checking sshd_config and syslog.conf (or syslog-ng.conf) and perhaps changing things to get the "usual" sshd report.

On the other hand it may be as easy as changing the default log level (but remember to restart syslogd).

-- 
René Berber

_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
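The threshold problem discussed in this message can be checked offline with a small model of syslog.conf selectors. This is an added example, not part of the original message or of DenyHosts. It assumes classic `facility.level` selector syntax (no `=`/`!` comparators), that sshd's failed-login lines arrive as facility `auth` at level `info`, and a constructed sample configuration with hypothetical log paths.

```python
# Syslog severities: lower number = more severe (warning=4, info=6).
LEVELS = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
          "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample syslog.conf, not taken from any real host.
SAMPLE_CONF = """\
# selector<TAB>action
*.warning;auth.none\t/var/log/system.log
auth.warning\t/var/log/secure.log
mail.info\t/var/log/mail.log
"""

def selector_matches(selector, facility, level):
    """'fac.lvl' matches lvl and anything more severe; the last part
    of the selector that names the facility decides the outcome."""
    matched = False
    for part in selector.split(";"):
        facs, _, lvl = part.strip().partition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue                      # this part is about other facilities
        if lvl == "none":
            matched = False               # explicit exclusion
        else:
            matched = lvl == "*" or LEVELS[level] <= LEVELS[lvl]
    return matched

def destinations(conf_text, facility, level):
    """Return the actions (log files) that would receive facility.level."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, level):
            out.append(action)
    return out

if __name__ == "__main__":
    for lvl in ("warning", "info"):
        print(f"auth.{lvl} ->", destinations(SAMPLE_CONF, "auth", lvl) or "dropped")
    # Lowering the threshold from warning (4) to info (6) lets the lines through.
    fixed = SAMPLE_CONF.replace("auth.warning", "auth.info")
    print("after change: auth.info ->", destinations(fixed, "auth", "info"))
```

With the sample configuration, `auth.info` messages reach no destination until the `auth` selector is lowered to `info`; syslogd must be restarted for a real change to take effect.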
