[Logwatch] iptables summary on Ubuntu

Dale Morin dale at MustangInternetServices.com
Sun Jan 21 11:34:52 MST 2007

>> The difference is the [52899815.060000] in the Ubuntu/Debian record.
>> Since it is a timestamp, it prevents logwatch from summarizing the
>> number
>> of logged packets by IP.  This makes the kernel section of the logwatch
>> report much larger than it needs to be.
> How about doing it the other way around? Check the iptables config to drop
> the extra timestamp and you have no need to change logwatch files.
> As I have not seen the request before one can argue it is something rather
> specific to your config of your iptables setup.

Agreed, that would be my first choice.  I am running a stock Ubuntu 6.06
(dapper) setup and the kernel log format inserts the timestamp.  I am
running the same firewall on a redhat box and there is no timestamp in the
iptables log records.  From that I just concluded it is a difference
between Ubuntu/Debian and Redhat log formats.

I would prefer to remove the timestamp from the log records rather than
have to skip it later.

Dale Morin, Mustang Internet Services, Inc.

More information about the Logwatch mailing list