[Logwatch] logwatch 6.1 and entry timestamp

Mike Tremaine mgt at stellarcore.net
Thu Jun 9 08:41:53 MST 2005

On Tue, 2005-05-31 at 09:04, Juan Perez wrote:
> I am trying to setup logwatch to monitor failed ssh logins. In
> order to report the data to someone I need to have, along with
> the source IP address the time when the entry was made in the
> log file. The timestam exists in the file, as this:
> May 30 18:38:57 extscanner sshd[10592]: Failed password for
> nobody from port 37725 ssh2
> Logwatch reports this:
> nobody/password from 1 Time(s)
> Logwatch was run with this syntax:
>  /usr/sbin/logwatch -print -debug med  -output mail -service
> sshd -range all
> Is there any way to include the date and time in the logwatch
> report?

There is but it would be a waste of effort. You are much better off
running a little shell script to grep out each of those and mail them
off to you.

[The reason it is a waste is it makes each log line not unique so what
you end up with it just a long list of real log lines instead of a

Mike Tremaine
mgt at stellarcore.net

More information about the Logwatch mailing list