If sshguard can't start (for example, because some command line argument is invalid), running the rc script will happily report "Starting sshguard.", suppress the failure message (giving none of its own), and fool the user into thinking sshguard started successfully.
Thanks for your report Andrew Can you attach a log that highlights the issue please, and that includes the relevant startup failure as an example.
# /usr/local/sbin/sshguard -b 5:/var/db/sshguard/blacklist.db Doesn't make sense to have a blacklist threshold lower than one abuse (40). Terminating. Usage: <big usage message> With sshguard_blacklist="5:/var/db/sshguard/blacklist.db" in /etc/rc.conf, this is the only output when the rc script is invoked: # service sshguard start Starting sshguard. Exactly the same output as if a good value (such as 40) were given and there is no indication of a problem. Only after seeing that the table in pf for sshguard had no changes (and that sshd logs still had a lot of noise) did I realize that sshguard was not running. With a valid value for sshguard_blacklist, sshguard runs without issues when invoked via the rc script.
sshguard doesn't have the ability to fork itself into the background cleanly so we use daemon(8) to do so. Currently we use the -f flag and it sends all stdout to syslog. This isn't very helpful. I can remove the -f flag and it functions just fine. However, the output is a bit odd sometimes. At least the enduser will get proper notification if it isn't starting.
A commit references this bug: Author: feld Date: Mon Nov 3 21:11:34 UTC 2014 New revision: 372123 URL: https://svnweb.freebsd.org/changeset/ports/372123 Log: Do not hide stdout from users by sending it to syslog. Users need to be able to readily view errors if they happen at startup. PR: 193378 Changes: head/security/sshguard/files/sshguard.in