[Logwatch] Log entries for ppp dialin
Mon, 29 Jul 2002 18:13:25 +0100
I can't search the archive at the moment, so I'm not sure if the following question
was already asked:
Does anybody have a logwatch script which parses the /var/log/messages file for
entries of pppd login ?
The entries in /var/log/messages look as follows:
Jul 28 20:07:09 c pppd: pppd 2.4.1 started by a_ppp, uid 0
Jul 28 20:07:09 c pppd: Using interface ppp0
Jul 28 20:07:09 c pppd: Connect: ppp0 <--> /dev/ttyS0
Jul 28 20:07:12 c pppd: CHAP peer authentication succeeded for angelar
Jul 28 20:07:13 c pppd: CCP terminated by peer
We consider these messages important because it's a form of remote access to
the server and we would like to see whether there were a lot of unsuccessful
authentication attempts or attempts from unusual users...
So we would like them to show up in our logwatch reports.
Thanks in advance for any help you can give,