[Logwatch] Logwatch and IP address reporting

MrC lists-logwatch at cappella.us
Mon Jun 18 15:07:33 MST 2007


> Hello all
> 
>    I would like to know if it is possible to report the whole 
> log entry being matched while the monitoring processes. Using 
> syslog to deport logs from remote machines, i would like to 
> see the address IP of the source of the log entries in my 
> centralized log file on the server.
> 
> >From logwatch report:
> **Unmatched Entries**
>     (root-5110): dC)marrage (version 2.16.1), pid 5110 
> utilisateur B+B rootB B; : 1 Time(s)
> 
> >From my log file (auth.log)
> Jun 18 10:48:19 194.3.***.*** (root-5110): dimarrage (version 
> 2.16.1), pid 5110 utilisateur + root
> 

I can't tell what service this is from.  Can you clarify?

In general, most of the services are written such that they expect syslog's
dates, service names, etc. to be stripped from the input.  For such filters,
the filter and its configuration file need to be updated to not strip this
information, and report / use it in a meaningful way.

MrC



More information about the Logwatch mailing list