[Logwatch] sshd log

Mike Tremaine mgt at stellarcore.net
Sun Oct 14 08:44:36 MST 2007


Nicolas Letellier wrote:
> Hello,
>
> I use logwatch and FreeBSD. However, the output of the service SSHD 
> returns only the **Unmatched Entries**.
> Example :
>
> --------------------- SSHD Begin ------------------------ 
>
>  **Unmatched Entries**
>  Oct 12 23:51:40 **** sshd[46235]: Invalid user Silva from ******** : 1 time(s)
>  Oct 12 23:50:44 **** sshd[46071]: Invalid user Piia from ******* : 1 time(s)
>  Oct 12 20:29:49 **** sshd[43869]: Invalid user mcedit from ******** : 1 time(s)
>  Oct 12 23:09:43 **** sshd[45474]: Invalid user Jenni from ********* : 1 time(s)
>  Oct 12 21:09:19 **** sshd[44111]: Invalid user abcde from ******* : 1 time(s)
>  Oct 12 21:49:26 **** sshd[44618]: Invalid user calvin from ****** : 1 time(s)
>  Oct 12 23:50:57 **** sshd[46111]: Invalid user Rauha from ********** : 1 time(s)
>
>
>
> When I used GNU/Linux Debian, i had an different output. Example :
>
>  --------------------- SSHD Begin ------------------------ 
>
>  
>  Didn't receive an ident from these IPs:
>     blablablabla
>  
>  Failed logins from:
>     ****** (neo.mathematik.uni-leipzig.de): 41 times
>        root/password: 29 times
>        mail/password: 2 times
>        news/password: 2 times
>        backup/password: 1 time
>        bin/password: 1 time
>        games/password: 1 time
>        irc/password: 1 time
>        lp/password: 1 time
>        nobody/password: 1 time
>        operator/password: 1 time
>        www-data/password: 1 time
>  
>  Illegal users from:
>     ***** (neo.mathematik.uni-leipzig.de): 407 times
>        test/password: 20 times
>        guest/password: 16 times
>        tester/password: 15 times
>        testing/password: 15 times
>        admin/password: 7 times
>
>
> Why the output is different ? I use the same version of logwatch.The 
> difference is in Debian it's a package ; in FreeBSD, it's the source 
> tarball.
> The log files are the same (/var/log/auth).
>
> I read the files into default.conf/services and default.conf/logfiles, 
> there are the same.
> I don't understand this problem !!
>
> Anybody has an idea ? :-)
>
>   

Are the logwatch release versions the same? 7.3.6 is the latest stable 
release, I have not heard of any specific FreeBSD problems but that does 
not mean they do not exist. Check the rev and let us know.

-Mike


More information about the Logwatch mailing list