View previous topic :: View next topic |
Author |
Message |
Sedrik l33t
Joined: 08 Apr 2005 Posts: 655 Location: Uppsala, Sweden
|
Posted: Mon Sep 12, 2011 7:03 am Post subject: Logwatch and sshd verbosity |
|
|
Hi guys, I get the following reports from logwatch
Code: | Login attempted when not in AllowUsers list:
bin : 1 Time(s)
ftp : 1 Time(s)
ldap : 1 Time(s)
mail : 1 Time(s)
man : 1 Time(s)
mysql : 2 Time(s)
news : 1 Time(s)
operator : 1 Time(s)
postmaster : 1 Time(s)
root : 307 Time(s)
smmsp : 1 Time(s)
sshd : 1 Time(s)
sync : 2 Time(s)
SFTP subsystem requests: 3 Time(s)
**Unmatched Entries**
SSH: Server;Ltype: Version;Remote: 122.155.161.9-34198;Protocol: 2.0;Client: libssh-0.1 : 1 time(s)
SSH: Server;Ltype: Version;Remote: 220.172.191.31-52060;Protocol: 2.0;Client: libssh-0.1 : 1 time(s)
SSH: Server;Ltype: Version;Remote: 122.155.161.9-32985;Protocol: 2.0;Client: libssh-0.1 : 1 time(s)
SSH: Server;Ltype: Version;Remote: 122.155.161.9-55203;Protocol: 2.0;Client: libssh-0.1 : 1 time(s)
... |
Now the Unmatched Entries is a long long list and I was woundering what it means and what I can do to not show it. I have tried playing around with the detail level of logwatch but it shows even on detail=1
Thanks in advance _________________ From Gentoo with love |
|
Back to top |
|
|
Quincy Apprentice
Joined: 02 Jun 2005 Posts: 201 Location: Germany
|
Posted: Tue Dec 06, 2011 1:36 am Post subject: |
|
|
I think logwatch will report every unmatched entry regardless of the detail level.
Perhaps you should have a look in the filter sets in /usr/share/logwatch/scripts/services/ or perhaps a newer version of logwatch already covers your unmatched entries. |
|
Back to top |
|
|
pjturmel n00b
Joined: 15 Sep 2012 Posts: 3
|
|
Back to top |
|
|
|