# Install SSH Guard

Do the Installs

```
apt-get install syslog-ng
apt-get install sshguard
```

Create the Start-Up

```
cat > /etc/syslog-ng/conf.d/00load-sshguard.conf 
# pass only entries with auth+authpriv facilities from programs other
# than sshguard
filter f_sshguard { facility(auth, authpriv) and not program("sshguard"); };
# pass entries built with this format
destination sshguard {
    program("/usr/sbin/sshguard"
        template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
    );
};
log { source(s_src); filter(f_sshguard); destination(sshguard); };
```

Restart Logging and SSH Guard

```
service syslog-ng restart
service sshguard restart
```