Hi - I struggled to get this figured out so posting in case others will find this useful.
If you are using ufw on ubuntu, configuring sshguard is not as straightforward (at least for a noob such as myself).
I partially used dfelicia's solution above (for the syslog-ng configuration). Then, I had to go in and add the following in /etc/ufw/before.rules:
Code:
# sshguard rules
# first setup a new chain for sshguard
# then setup a rule for before-input to redirect to sshguard
-N sshguard
-A ufw-before-input -p tcp --dport 22 -j sshguard
I also had to do this fairly up-top in the file (I placed mine just after the loopback rules at the top).
I tried putting these lines in the /var/lib/ufw/user.rules file but this did not block as I expected since I believe the ufw-before-input had a more generic iptables rule.
If anyone has a better way of configuring this, please let me know. Otherwise, I hope this helps others!