[Logwatch] Logwatch question

Vinny LaBonia vincent.labonia at yale.edu
Wed Feb 15 08:43:28 MST 2006


Hi, I'm trying to run logwatch on AIX. I see that it was written for Linux
defaults but I modified (or tried) for AIX.

Our main purpose for running logwatch is to report on invalid logons, su's
to root, bad ssh connections, sudo's etc.

When I enable the sshd2 part, it reports on more than just sshd2 entries in
the sshd2 section. Also, the entries do not appear in order. Also, if
there is a sudo entry in the syslog, it will be reported in the ssh2
section and not in the sudo section (the sudo section doesn't show up at all).


  Feb 15 05:32:09 davenport su: from root to oracle at /dev/tty?? : 1 Time(s)
  Feb 15 06:10:59 davenport su: from root to rptmart3 at /dev/tty?? : 1 Time(s)
  Feb 15 00:54:01 davenport sshd2[897746]: X11 connection from 130.132.40.34:42194 (davenport.its.yale.edu): 1 Time(s)
  Feb 15 10:07:52 davenport syslog: ifconfig en0: 2 Time(s)
  Feb 15 08:43:28 davenport CA_LIC: Computer Associates Licensing -2ADX- License Failure. Please contact your account representative to obtain a new license. LRF=2ADX,000000000000,IBM_4C00_2_*,davenport,1: 1 Time(s)
  Feb 15 09:30:12 davenport su: from jcy4 to yudwbdw7 at /dev/pts/2 : 1 Time(s)
  Feb 15 09:10:36 davenport sshd2[215884]: connection lost: 'Connection closed.': 1 Time(s)
  Feb 15 03:00:08 davenport su: from root to oracle at /dev/tty?? : 1 Time(s)
  Feb 15 09:10:35 davenport sshd2[81542]: connection from "130.132.43.16": 1 Time(s)
  Feb 15 05:54:58 davenport su: from root to oracle at /dev/tty?? : 1 Time(s)


Any help you can give me will be welcome.

Thanks
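
Added example, not part of the original post and not Logwatch's own code: a small Python sketch of the per-service, time-ordered report the message asks for, keyed on the service tag of each syslog line, with a check for su to root. The sample lines are constructed in the layout shown above; the sudo line, the users alice and bob, the address 192.0.2.10 and the year 2006 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog layout shown in the post.
SAMPLE = """\
Feb 15 09:30:12 davenport su: from jcy4 to yudwbdw7 at /dev/pts/2
Feb 15 09:10:36 davenport sshd2[215884]: connection lost: 'Connection closed.'
Feb 15 05:32:09 davenport su: from root to oracle at /dev/tty??
Feb 15 09:10:35 davenport sshd2[81542]: connection from "192.0.2.10"
Feb 15 08:01:44 davenport sudo: alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/ls
Feb 15 10:07:52 davenport syslog: ifconfig en0
Feb 15 07:15:00 davenport su: from bob to root at /dev/pts/4
"""

# timestamp, host, service tag, optional [pid], then the message
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<service>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def group_by_service(text, year=2006):
    """Return {service: [(datetime, message), ...]}, each list sorted by time."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in syslog layout
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        groups[m["service"]].append((when, m["msg"]))
    return {svc: sorted(entries) for svc, entries in groups.items()}

def su_to_root(groups):
    """Return the source users of su entries whose target account is root."""
    pat = re.compile(r"^from (\S+) to root\b")
    hits = (pat.match(msg) for _, msg in groups.get("su", []))
    return [h.group(1) for h in hits if h]

if __name__ == "__main__":
    grouped = group_by_service(SAMPLE)
    for svc in sorted(grouped):
        print(f"--- {svc} ---")
        for when, msg in grouped[svc]:
            print(f"  {when:%b %d %H:%M:%S} {msg}")
    print("su to root by:", su_to_root(grouped))
```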
