[Logwatch] logwatch 6.1 and entry timestamp

Mike Tremaine mgt at stellarcore.net
Thu Jun 9 08:41:53 MST 2005


On Tue, 2005-05-31 at 09:04, Juan Perez wrote:
> I am trying to set up logwatch to monitor failed ssh logins. In
> order to report the data to someone I need to have, along with
> the source IP address, the time when the entry was made in the
> log file. The timestamp exists in the file, as this:
> 
> May 30 18:38:57 extscanner sshd[10592]: Failed password for
> nobody from 216.197.156.184 port 37725 ssh2
> 
> Logwatch reports this:
> 
> nobody/password from 216.197.156.184: 1 Time(s)
> 
> Logwatch was run with this syntax:
> 
>  /usr/sbin/logwatch -print -debug med  -output mail -service
> sshd -range all
> 
> 
> Is there any way to include the date and time in the logwatch
> report?
> 

There is, but it would be a waste of effort. You are much better off
running a little shell script to grep out each of those and mail them
off to you.

[The reason it is a waste is it makes each log line not unique so what
you end up with is just a long list of real log lines instead of a
summary.]


-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net
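
One way to write the "little shell script" suggested in the reply, as an added example that is not part of the original thread or of Logwatch itself. The function names, the sample lines other than the one quoted above, the log path and the mail address are assumptions.

```shell
#!/bin/sh
# Print "timestamp<TAB>user<TAB>source IP" for each failed sshd password
# attempt. Reads syslog-format lines from the files given as arguments,
# or from stdin when called without arguments.
failed_ssh_logins() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        # Syslog prefix: month, day and time are the first three fields.
        ts = $1 " " $2 " " $3
        # Find "from" scanning right to left, so both "for nobody from"
        # and "for invalid user admin from" yield the user just before it.
        for (i = NF; i > 0; i--) if ($i == "from") break
        if (i < 2 || i == NF) next      # malformed line, skip it
        printf "%s\t%s\t%s\n", ts, $(i - 1), $(i + 1)
    }' "$@"
}

# Constructed sample input: the first line is the one quoted in the
# question, the others are made up (documentation-range addresses).
sample_log() {
    cat <<'EOF'
May 30 18:38:57 extscanner sshd[10592]: Failed password for nobody from 216.197.156.184 port 37725 ssh2
May 30 18:39:02 extscanner sshd[10594]: Failed password for invalid user admin from 192.0.2.15 port 40112 ssh2
May 30 18:40:10 extscanner sshd[10601]: Accepted password for juan from 198.51.100.7 port 51822 ssh2
May 30 18:41:33 extscanner sshd[10610]: Failed password for root from 203.0.113.9 port 33001 ssh2
EOF
}

# Demo on the sample lines.
sample_log | failed_ssh_logins

# Against a real log, mailed out (path and recipient are placeholders):
#   failed_ssh_logins /var/log/secure | mail -s "sshd failed logins" admin@example.com
```

Accepted logins are skipped, and each reported attempt keeps its own timestamp instead of being collapsed into a count.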


