So long after Suricata replaced Snort, I discovered that Guardian (v.2.0.2 - latest in pakfire list):
- Still contains entries for snort
```
LogFacility = syslog
LogLevel = info
Monitor_SSH = /var/log/messages
Monitor_SNORT = /var/log/snort/alert
Monitor_HTTPD = /var/log/httpd/error_log
```
It also seems to stop logging in syslog - I wrongly entered a passwd in WUI, my access no longer works but there is no entry in syslog: using logs.cgi/log.dat, filtering for Guardian reveals nothing.
Because of the above, the Currently blocked hosts section from guardian.cgi is also empty.
And because of that I can’t unblock from WUI a blocked host.
Any ideas how to start guardian to log its actions?
Config seems correct: it says syslog!
And logging level Info (the other option being off).