[Logwatch] Two Logwatch Questions

elist at pcsites.com elist at pcsites.com
Sun Jul 4 21:23:10 MST 2004


Hello,
I have a few logwatch questions if anyone has a bit of time.

First, are there any repositories of additional logwatch scripts/log monitors other than the ones included with the project? I'm a constant tinker type.

Second, one of the functions I get logging info on is from the firewall I run. Is there a way to get a summary of the number of hits on ports that were reported on? Example:
  From 4.14.66.19 - 2 packets to tcp(445)
  From 4.14.186.8 - 3 packets to tcp(445)
  From 4.15.22.83 - 2 packets to tcp(445)
  From 4.15.136.52 - 1 packet to tcp(445)
  From 4.16.176.64 - 1 packet to tcp(445)
  From 209.25.161.24 - 2 packets to tcp(135)
  From 209.51.177.113 - 6 packets to tcp(4100,4101)
  From 209.89.249.163 - 4 packets to tcp(135)
  From 209.165.51.137 - 3 packets to tcp(445)
  From 209.181.114.91 - 2 packets to tcp(135)
  From 209.202.221.82 - 11 packets to tcp(55077)
  From 209.209.102.124 - 2 packets to tcp(135)
  From 220.184.123.232 - 1 packet to udp(137)
Port tcp(135)  10 packet
Port tcp(445)  12 packet
Port udp(137)  1 Packet
etc...

Third and final, the current MailScanner script is nothing short of terrific. I was wondering though if there would be a way to be slightly less verbose. Perhaps ignoring the IDs and providing stricter summaries. For example,
   Spam Actions: message i63FieKH008560 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i640k9gV030398 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i634iYKH015281 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i63IdFgV016255 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i63BhaKH030451 actions are myemail at mydomain.com,store,forward : 1 Time(s)
Could be shrunk to 
   Spam Actions: message (multi) actions are myemail at mydomain.com,store,forward : 5 Time(s)

Thanks for any advice. 
  
Richard Ahlquist
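
The two summaries asked for above, as an added example that is not part of the original post and not Logwatch's own code (Logwatch services are Perl scripts; this is a stand-alone Python post-processor over the report text). The function names and regular expressions are assumptions based only on the line formats quoted in the message, which are reused here as sample input.

```python
import re
from collections import Counter

# Sample input: the report lines quoted in the message above.
FIREWALL = """\
  From 4.14.66.19 - 2 packets to tcp(445)
  From 4.14.186.8 - 3 packets to tcp(445)
  From 4.15.22.83 - 2 packets to tcp(445)
  From 4.15.136.52 - 1 packet to tcp(445)
  From 4.16.176.64 - 1 packet to tcp(445)
  From 209.25.161.24 - 2 packets to tcp(135)
  From 209.51.177.113 - 6 packets to tcp(4100,4101)
  From 209.89.249.163 - 4 packets to tcp(135)
  From 209.165.51.137 - 3 packets to tcp(445)
  From 209.181.114.91 - 2 packets to tcp(135)
  From 209.202.221.82 - 11 packets to tcp(55077)
  From 209.209.102.124 - 2 packets to tcp(135)
  From 220.184.123.232 - 1 packet to udp(137)
"""
MAILSCANNER = """\
   Spam Actions: message i63FieKH008560 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i640k9gV030398 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i634iYKH015281 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i63IdFgV016255 actions are myemail at mydomain.com,store,forward : 1 Time(s)
   Spam Actions: message i63BhaKH030451 actions are myemail at mydomain.com,store,forward : 1 Time(s)
"""
FW_RE = re.compile(r"From (\S+) - (\d+) packets? to (\w+)\(([\d,]+)\)")
MS_RE = re.compile(r"(.*\bmessage )\S+( actions are .*) : (\d+) Time\(s\)")

def port_totals(report):
    """Sum packets per proto(port) key, e.g. tcp(445)."""
    totals = Counter()
    for line in report.splitlines():
        # tcp(4100,4101) stays one key: the line gives no per-port split
        if (m := FW_RE.search(line)):
            totals[f"{m[3]}({m[4]})"] += int(m[2])
    return totals

def collapse_ids(report):
    """Replace per-message IDs with (multi) and add up the Time(s) counts."""
    merged = Counter()
    for line in report.splitlines():
        if (m := MS_RE.search(line)):
            merged[f"{m[1].strip()} (multi){m[2]}"] += int(m[3])
    return [f"{text} : {n} Time(s)" for text, n in merged.items()]

if __name__ == "__main__":
    for port, n in sorted(port_totals(FIREWALL).items()):
        print(f"Port {port}  {n} packets")
    print("\n".join(collapse_ids(MAILSCANNER)))
```

Lines that match neither pattern are skipped rather than guessed at, so unrelated parts of a report can be piped through unchanged.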



