Emmanuel Leroy

``` /bin/sh -c 'journalctl --no-pager -q -f -t sshd | sed -u "s/\\[[0-9]*\\]://" | docker run -i --name sshguard2 --rm --net=host --privileged -e SSHGUARD_DEBUG=yes mischief/sshguard:1.6.0' whitelist: add '127.0.0.1' as plain...

doesn't seem to parse the logs properly. I tried stripping more stuff from the header but that only got me a little further: i.e. stripping the whole header but the...

the input after sed looks like this: ``` Jan 21 22:28:25 coreos-123.123.123.123 sshd Failed password for root from 59.63.188.53 port 46499 ssh2 Jan 21 22:28:25 coreos-123.123.123.123 sshd maximum authentication attempts...

sorry I send the wrong trace earlier but updated both comments. Those are with the orignal sed command.

indeed that seems to work

now that command is greek to me :-)

i'm trying to run it in the unit but it fails. Do i need to run the /bin/sh -c '...' ?

yes ok, got it. thanks is this way more 'robust' and less likely to break? Not sure I can trust this as a solution. I've been using blackhole script but...

well... what else is out there to guard against this kind of attacks? seems like there is not a whole lot for CoreOS, so what are people using in prod?

i tried replacing ws:// with wss:// in the javascript, and it fixed some of it (zk list etc...) but not the feed or graphs / consumer groups. I get a...