[Logwatch] Logwatch 7.3 and sudo (fwd)

Kirk Bauer kirk at kaybee.org
Wed Apr 12 14:02:00 MST 2006


Forward to the list for advice...

-- 
Kirk Bauer <kirk at kaybee.org>
http://linux.kaybee.org | www.autorpm.org | www.logwatch.org

---------- Forwarded message ----------
Date: Wed, 12 Apr 2006 14:04:48 -0600
From: Aaron M Morrison <amm at lanl.gov>
To: kirk at kaybee.org
Subject: Logwatch 7.3 and sudo

Howdy, I've just installed the 7.3 version of logwatch, and for some
reason, I cannot get any info for sudo out of running logwatch --service
sudo or logwatch --logfile secure.

However, the entry exists in /var/log/secure:

grep sudo /var/log/secure
Apr 12 11:46:16 itchy sudo:      amm : user NOT in sudoers ; TTY=pts/7 ;
PWD=/etc/log.d/scripts/services ; USER=root ; COMMAND=/bin/bash

I can however get the sudo entries from our centralized loghost from
logwatch --logfile messages, as they show up in the messages file on the
loghost.

Any ideas?

Thanks in advance
amm

[root at itchy services]# logwatch --print --range All --service sudo
[root at itchy services]#
[root at itchy services]# logwatch --print --range All --logfile secure

  ################### Logwatch 7.3 (03/24/06) ####################
         Processing Initiated: Wed Apr 12 13:54:51 2006
         Date Range Processed: all
       Detail Level of Output: 0
               Type of Output: unformatted
            Logfiles for Host: itchy
   ##################################################################

  --------------------- pam_unix Begin ------------------------

  login:
     Authentication Failures:
        unknown (): 1 Time(s)
     Invalid Users:
        Unknown Account: 1 Time(s)

  sshd:
     Authentication Failures:
        root (rhett.lanl.gov): 9 Time(s)


  ---------------------- pam_unix End -------------------------


  --------------------- SSHD Begin ------------------------


  Failed logins from:
     xxx.xxx.xxx.xxx (rhett.lanl.gov): 9 times

  Users logging in through sshd:
     root:
        xxx.xxx.xxx.xxx (tattoo): 1 time

  Error in PAM authentication:
     Authentication failure for root from rhett : 3 Time(s)

  ---------------------- SSHD End -------------------------


  ###################### Logwatch End #########################
