Created attachment 153223 [details] Patch to attack_scanner.l syslogd -v adds <facility.level> to the logs. Attached patch makes sshguard trigger on those lines as well.
Auto-assigned to maintainer feld@FreeBSD.org
Thanks for the patch! Can you confirm if it still matches entries when -v is not passed? I believe that was an issue from way back when this was discussed on the upstream mailing lists.
(In reply to Mark Felder from comment #2) Yes. I have run it in debug mode and fed it logs both with and without <facility.level>
This hasn't been overlooked; I've just been looking for more testers. I expect this will land in the tree soon.
A commit references this bug: Author: feld Date: Tue Mar 24 02:11:27 UTC 2015 New revision: 382063 URL: https://svnweb.freebsd.org/changeset/ports/382063 Log: Enable matching of syslog entries with <facility.level> PR: 197854 Changes: head/security/sshguard/Makefile head/security/sshguard/files/patch-src-parser-attack_scanner.l head/security/sshguard/files/patch-src-sshguard.c
A commit references this bug: Author: feld Date: Tue Mar 24 02:23:31 UTC 2015 New revision: 382064 URL: https://svnweb.freebsd.org/changeset/ports/382064 Log: Restore lost changes to patch-src-parser-attack_scanner.l PR: 197854 Changes: head/security/sshguard/Makefile head/security/sshguard/files/patch-src-parser-attack_scanner.l