[Logwatch] (no subject)

Bjorn L. bl_logwatch2 at mblmail.net
Sun Oct 14 18:36:12 MST 2007


You can also get more info by specifying '--detail 10'.
For http, that will print per-IP info.

If that does not give you what you need, you might need more
info in the raw logs.  Check the configuration files for the
service you are logging (for http, that would be httpd.conf).

Logwatch only parses and interprets existing logs.



Thomas Hillson wrote:
> How can I change my logwatch configuration to include the IP Number  
> of the system trying to attack my server? I am specifically trying to  
> get more information on what Mod_security is putting into my httpd  
> log file on RHEL 4 and 5 systems. I get the event but I would like  
> the IP Numbers so I can track multiple attacks from the same machine  
> and attacks that may be local.
> 
> thanks,
> 
> Tom
> 
> /----------------------------------------------------------------------- 
> ---
> | Tom Hillson            Agriculture Computer Services Manager
> |(515) 294-1543          College of Agriculture
> |                        Iowa State University
> ------------------------------------------------------------------------ 
> ---
> |"The only thing I have too much of is too little time"
> 
> 
> 
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch


More information about the Logwatch mailing list