[Logwatch] Log entries for ppp dialin

Andrea Wachter andrea.wachter@c.ict.om.org
Mon, 29 Jul 2002 18:13:25 +0100


Hi,

I can't search the archive at the moment, so I'm not sure if the following question 
was already asked:

Does anybody have a logwatch script which parses the /var/log/messages file for 
entries of pppd login ?

The entries in /var/log/messages look as follows:
Jul 28 20:07:09 c pppd[5358]: pppd 2.4.1 started by a_ppp, uid 0
Jul 28 20:07:09 c pppd[5358]: Using interface ppp0
Jul 28 20:07:09 c pppd[5358]: Connect: ppp0 <--> /dev/ttyS0
Jul 28 20:07:12 c pppd[5358]: CHAP peer authentication succeeded for angelar
.....
Jul 28 20:07:13 c pppd[5358]: CCP terminated by peer
....

We consider these messages important because it's a form of remote access to 
the server and we would like to see whether there were a lot of unsuccessful 
authentication attempts or attempts from unusual users...
So we would like them to show up in our logwatch reports.

Thanks in advance for any help you can give,
Bye,
Andrea Wachter