Disabling syslog compression
Hi,
I'm installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack. For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. It then configures iptables rules to block the offending IP. Here's an example:

Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found

Code:
Dec 1 13:49:06 myserver sshd[12138]: Failed password for myuser from 192.168.x.y port 46112 ssh2

I've been searching for some syslogd configuration to turn off this behavior but with no luck. My system is running Slackware 13.0 with standard 2.6.29-smp kernel.

Thanks in advance.

Gustavo
Patagonia Argentina
no idea what syslog services slackware uses by default, redhat uses rsyslogd though, and that *used to* have an -e option to not do this, but now it never does it. if slack uses an older rsyslog then try that, or change to a different syslog service, like my personal favourite syslog-ng.
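
Added example, not part of the thread and not fail2ban's own code: a Python sketch of why collapsed repeats matter to a log-matching tool, assuming the behavior in question is syslogd replacing identical consecutive lines with "last message repeated N times". The sample log is constructed, the function names are hypothetical, and `maxretry` only borrows the name of fail2ban's threshold setting.

```python
import re
from collections import Counter

# Constructed sample log (addresses are from documentation ranges).
SAMPLE = """\
Dec  1 13:49:06 myserver sshd[12138]: Failed password for myuser from 192.0.2.10 port 46112 ssh2
Dec  1 13:49:09 myserver last message repeated 4 times
Dec  1 13:49:15 myserver sshd[12140]: Accepted password for myuser from 198.51.100.7 port 50022 ssh2
Dec  1 13:49:20 myserver last message repeated 2 times
Dec  1 13:50:01 myserver sshd[12151]: Failed password for root from 203.0.113.5 port 40100 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
REPEAT = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ last message repeated (\d+) times?$")


def count_failures(log_text, expand_repeats):
    """Count failed sshd logins per source IP.

    With expand_repeats=False a repeat line is ignored, which is what a
    plain per-line regex match sees. With expand_repeats=True the repeat
    count is credited to the IP of the line it stands in for.
    """
    counts = Counter()
    last_ip = None  # source IP of the previous real line, if it was a failure
    for line in log_text.splitlines():
        rep = REPEAT.match(line)
        if rep:
            if expand_repeats and last_ip:
                counts[last_ip] += int(rep.group(1))
            continue  # a repeat line does not change the "last message"
        m = FAILED.search(line)
        last_ip = m.group(1) if m else None
        if last_ip:
            counts[last_ip] += 1
    return counts


def over_threshold(counts, maxretry):
    """Return the IPs whose failure count reaches maxretry."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for expand in (False, True):
        c = count_failures(SAMPLE, expand)
        print("expand_repeats=%s" % expand, dict(c), over_threshold(c, 3))
```

Counting line by line, five failures from one address show up as a single match and stay under a threshold of 3. Expanding the repeat line restores the real count.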