Here are some examples of asl.log entries that had to be removed before
DenyHosts could keep running.

[Time 2007.05.14 16:32:17 UTC] [Facility local2] [Sender sudo] [PID -1]
[Message     turindot : TTY=ttyp1 ; PWD=/Users/turindot ; USER=root ;
COMMAND=/usr/bin/grep failed to auth /var/log/secure.log] [Level 5] [UID -2]
[GID -2] [Host fledge]

[Time 2007.05.17 15:35:22 UTC] [Facility daemon] [Sender diskarbitrationd]
[PID 57] [Message disk1s10   hfs      7291CDB1-85D9-3925-9983-1ED4FCA418B6
FWB48                   /Volumes/FWB48] [Level 5] [UID -2] [GID -2] [Host
localhost]


Here's the error encountered.


starting DenyHosts:    /usr/bin/env python
/System/Library/Frameworks/...denyhosts.py --daemon
--config=/usr/...denyhosts.cfg
Traceback (most recent call last):
  File "/System/Library/Frameworks/...denyhosts.py", line 164, in ?
    first_time, noemail, daemon)
  File "/System/Library/Frameworks/...deny_hosts.py", line 82, in __init__
    offset = self.process_log(logfile, last_offset)
  File "/System/Library/Frameworks/...deny_hosts.py", line 380, in process_log
    message = sshd_m.group('message')
IndexError: no such group

DenyHosts exited abnormally


Can the secure.log file be monitored rather than the asl.log file in Mac OS
X Server? I'm asking partly because of the above problem, and partly because
the secure.log appears to contain IP addresses of attackers that don't seem
to appear in the asl.log. Thanks.

-- 
Laine Lee



_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
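
An added example, not part of the original message and not DenyHosts code: a Python sketch that reads asl.log-style bracketed entries, skips every sender except sshd, and checks a regex for required named groups up front, since `IndexError: no such group` is what Python's `re` raises when a match is asked for a group name the pattern does not define. The function names, the `FAILED` pattern and the third sample entry are assumptions made for illustration.

```python
import re

FIELD = re.compile(r"\[(\w+) ([^\]]*)\]")  # one "[Key value]" field
# Assumed sshd wording for a failed login; both named groups are defined here.
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

# First two entries are from the post; the sshd entry is constructed.
SAMPLE = """\
[Time 2007.05.14 16:32:17 UTC] [Facility local2] [Sender sudo] [PID -1]
[Message     turindot : TTY=ttyp1 ; PWD=/Users/turindot ; USER=root ;
COMMAND=/usr/bin/grep failed to auth /var/log/secure.log] [Level 5] [UID -2]
[GID -2] [Host fledge]
[Time 2007.05.17 15:35:22 UTC] [Facility daemon] [Sender diskarbitrationd]
[PID 57] [Message disk1s10   hfs      7291CDB1-85D9-3925-9983-1ED4FCA418B6
FWB48                   /Volumes/FWB48] [Level 5] [UID -2] [GID -2] [Host
localhost]
[Time 2007.05.17 15:40:01 UTC] [Facility auth] [Sender sshd] [PID 412]
[Message Failed password for invalid user admin from 192.0.2.10 port 4022
ssh2] [Level 5] [UID -2] [GID -2] [Host fledge]
"""

def missing_groups(pattern, required):
    """Named groups a regex lacks; match.group() on one raises IndexError."""
    return [g for g in required if g not in re.compile(pattern).groupindex]

def split_entries(log):
    """Group wrapped lines into entries; each entry starts with '[Time '."""
    entries = []
    for line in log.splitlines():
        if line.startswith("[Time ") or not entries:
            entries.append(line)
        elif line.strip():
            entries[-1] += " " + line
    return entries

def parse_entry(entry):
    """Return the entry's fields as a dict (assumes no ']' inside values)."""
    return {k: " ".join(v.split()) for k, v in FIELD.findall(entry)}

def failed_logins(log):
    """(user, ip) pairs from sshd entries only; other senders are skipped."""
    hits = []
    for fields in map(parse_entry, split_entries(log)):
        if fields.get("Sender") != "sshd":
            continue
        m = FAILED.search(fields.get("Message", ""))
        if m:
            hits.append((m.group("user"), m.group("ip")))
    return hits

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```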