[Logwatch] No IP Address Reported For Unauthorized ssh Logins

MrC lists-logwatch at cappella.us
Mon Mar 10 16:17:57 MST 2008


Benjamin Avdicevic wrote:
> Hello,
> 
> I would like to know why logwatch does not report IP addresses of
> Failed/Unauthorized ssh login attempts.  In case that someone was attacking
> my machine I would not be able to see which IP they are coming from.
> 
> Following is the output of pam_unix section of:  # logwatch --print --range
> Today --detail 10

Ben,

Perhaps the pam_unix log entries do not contain the IP address to report.

> 
>  --------------------- pam_unix Begin ------------------------
> 
> sshd:
>    Invalid Users:
>       Unknown Account: 3 Time(s)
> 
> 
>  ---------------------- pam_unix End -------------------------
> 
> It is showing that there were 3 Invalid Users, which is correct, because I
> tried 3 times to log in with ssh as an unauthorized user.  But it is not
> showing me an IP address of the machine I was connecting from.

Try instead: --service sshd

MrC


> 
> I searched through the archives but couldn't find anything on this issue.
> 
> Thanks,
> Ben
> 


More information about the Logwatch mailing list