[Logwatch] iptables summary on Ubuntu
dale at MustangInternetServices.com
Sun Jan 21 11:34:52 MST 2007
>> The difference is the [52899815.060000] in the Ubuntu/Debian record.
>> Since it is a timestamp, it prevents logwatch from summarizing the
>> of logged packets by IP. This makes the kernel section of the logwatch
>> report much larger than it needs to be.
> How about doing it the other way around? Check the iptables config to drop
> the extra timestamp and you have no need to change logwatch files.
> As I have not seen the request before one can argue it is something rather
> specific to your config of your iptables setup.
Agreed, that would be my first choice. I am running a stock Ubuntu 6.06
(dapper) setup and the kernel log format inserts the timestamp. I am
running the same firewall on a Red Hat box and there is no timestamp in the
iptables log records. From that I just concluded it is a difference
between Ubuntu/Debian and Red Hat log formats.
I would prefer to remove the timestamp from the log records rather than
have to skip it later.
Dale Morin, Mustang Internet Services, Inc.
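
Added example, not part of the original message and not Logwatch's own code: a small Python sketch of why the bracketed kernel timestamp defeats a summarizer whose pattern expects the iptables text right after "kernel: ", and how stripping it first lets both log styles collapse into per-IP counts. The log lines, the "DROP" log prefix, the host name and the regular expressions are constructed for illustration.

```python
import re
from collections import Counter

# Kernel uptime stamp such as "[52899815.060000] " directly after "kernel: ".
KTIME = re.compile(r"(kernel: )\[\s*\d+\.\d+\]\s*")

# Strict matcher (hypothetical, for illustration): the log prefix may not
# contain brackets, so a line that still carries the timestamp is not matched.
REC = re.compile(
    r"kernel: (?P<prefix>[^\[\]=]*?)\s*IN=\S* OUT=\S* .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=\S+ DPT=(?P<dpt>\S+))?"
)

# Constructed sample lines: three with the timestamp, one without.
SAMPLE = [
    "Jan 21 11:30:01 fw kernel: [52899815.060000] DROP IN=eth0 OUT= "
    "SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=4431 DPT=22",
    "Jan 21 11:30:04 fw kernel: [52899818.110000] DROP IN=eth0 OUT= "
    "SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=4432 DPT=22",
    "Jan 21 11:31:10 fw kernel: DROP IN=eth0 OUT= "
    "SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=2301 DPT=25",
    "Jan 21 11:31:12 fw kernel: [52899886.400000] DROP IN=eth0 OUT= "
    "SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TTL=110 PROTO=TCP SPT=2302 DPT=25",
]

def strip_ktime(line):
    """Remove one kernel timestamp, leaving the rest of the record intact."""
    return KTIME.sub(r"\1", line, count=1)

def summarize(lines, normalize=True):
    """Count packets per (source IP, protocol, destination port).

    Returns (counts, unmatched); unmatched lines are what would otherwise
    be listed one by one in a report.
    """
    counts, unmatched = Counter(), []
    for line in lines:
        text = strip_ktime(line) if normalize else line
        m = REC.search(text)
        if m is None:
            unmatched.append(line)
            continue
        counts[(m["src"], m["proto"], m["dpt"] or "-")] += 1
    return counts, unmatched

if __name__ == "__main__":
    for label, norm in (("as logged", False), ("timestamp stripped", True)):
        counts, unmatched = summarize(SAMPLE, normalize=norm)
        print(label, dict(counts), "unmatched:", len(unmatched))
```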