root@x-shells:/etc/rc.d# ls /var/log
apache2/ clamd.1 cups/ debug.4 maillog.1 messages.2 record-up scripts/ setup/ syslog uucp/
btmp cron date dmesg maillog.2 messages.3 removed_packages/ secure spooler syslog.1 wtmp
btmp.1 cron.1 debug faillog maillog.3 messages.4 removed_scripts/ secure.1 spooler.1 syslog.2 wtmp.1
clamav-update cron.2 debug.1 iptraf/ maillog.4 nfsd/ rkhunter.log secure.2 spooler.2 syslog.3
clamav-update.1 cron.3 debug.2 lastlog messages packages/ sa/ secure.3 spooler.3 syslog.4
clamd cron.4 debug.3 maillog messages.1 proftpd.log samba/ secure.4 spooler.4 users.log
Look for the destination of auth.* in syslog.conf, not for the auth.log file itself
From this bunch of files, it could be "secure".
it does not exist
it's not loging
because it's not starting...
if i connect to the server via ssh there should be a sshguard process in the list
but there isn't any
This is most likely a syslog misconfiguration then.
would you mind posting your syslog.conf here or on a private message?
i think it has something to do with this...
My only difference is that I used
without the "exec". I followed
If you have not success you might want to try asking on the mailing list and pointing
out our thread
Otherwise, you may just try with another tool, there are many for blocking brute forces to ssh