Hi John,
I'm not sure what's happened here, but the default
/etc/rsyslog.d/50-default.conf contains no such snippet (a pristine copy
is also stored in /usr/share/rsyslog/50-default.conf) and is managed via
ucf. The contents of a pristine version are attached.
Either another package you have installed has modified this config file
(and looking at the failban package and postinstall script, I don't see
anything there that would add anything like that.
Doing a limited google search on the comment string "# Transform and
forward data" turned up this recipe: https://devconnected.com
/geolocating-ssh-hackers-in-real-time/ ; is it possible that this was
added as part of a recipe you were following?
Thanks.
** Attachment added: "50-default.conf"
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1881942/+attachment/5386636/+files/50-default.conf
** Changed in: rsyslog (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881942
Title:
default configuration forwards sshd failures to port 7070
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1881942/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs