The log-level for messages from sshd into auth.log has changed between 1.8.0 and 1.8.5 in /etc/rsyslog.conf:
until 1.8.0 (included)
# Log authorization failure messages auth,authpriv.* /var/log/auth.log
after (including current 1.8.5)
# Log authorization failure messages auth,authpriv.notice /var/log/auth.log
This might appear like a minor change, but a number of messages from sshd are now no longer logged, among which the mssages sshguard is looking for.
sshguard is one of the first extra packages I install right after bringing up a new EdgeOS installation or after an upgrade of such. I operate almost all my EdgeOS-boxes directly on the BEI™ and for one reason or another I cannot have all of them run with "password authentication" disabled. sshguard helped me in recent years to fend off too nosy people from all over the world (actually: mostly China, Ukraine and Russia 
)
Though I can now always change /etc/rsyslog.conf back to make sshguard work again, I was wondering what the reason behind this change was afterall?
Thanks,
Clemens