Hi John, I'm not sure what's happened here, but the default /etc/rsyslog.d/50-default.conf contains no such snippet (a pristine copy is also stored in /usr/share/rsyslog/50-default.conf) and is managed via ucf. The contents of a pristine version are attached.
Either another package you have installed has modified this config file (and looking at the failban package and postinstall script, I don't see anything there that would add anything like that. Doing a limited google search on the comment string "# Transform and forward data" turned up this recipe: https://devconnected.com /geolocating-ssh-hackers-in-real-time/ ; is it possible that this was added as part of a recipe you were following? Thanks. ** Attachment added: "50-default.conf" https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1881942/+attachment/5386636/+files/50-default.conf ** Changed in: rsyslog (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881942 Title: default configuration forwards sshd failures to port 7070 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1881942/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
