Project

General

Profile

Bug #10155

sshguard is not compatible with RFC 5424 log format

Added by Jim Pingle 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
Start date:
01/03/2020
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.5.0
Affected Architecture:
All

Description

pfSense 2.5.0 has an option to change the syslog style from the default RFC 3154 format to the new RFC 5424 format. However, sshguard does not appear to parse the messages properly when fed RFC 5424 format log data.

I tested with ssh messages so it shouldn't be anything specific to pfSense at play here.

History

#1 Updated by Jim Pingle 3 months ago

  • Assignee deleted (Jim Pingle)

Brief review didn't turn up any options that might help, and I didn't see any similar format messages in the sshguard tests.txt list. I opened an issue upstream with sshguard: https://bitbucket.org/sshguard/sshguard/issues/124/sshguard-does-not-parse-rfc-5424-format

If it isn't addressed before we need to ship 2.5.0, then we should at least add a warning to the syslog format selection option in the GUI alerting the user to the potential danger of using the other format.

Also available in: Atom PDF