[Logwatch] No IP Address Reported For Unauthorized ssh Logins

MrC lists-logwatch at cappella.us
Mon Mar 10 16:17:57 MST 2008

Benjamin Avdicevic wrote:
> Hello,
> I would like to know why logwatch does not report IP addresses of
> Failed/Unauthorized ssh login attempts.  In case that someone was attacking
> my machine I would not be able to see which IP they are coming from.
> Following is the output of pam_unix section of:  # logwatch --print --range
> Today --detail 10


Perhaps the pam_unix log entries do not contain the IP address to report.

>  --------------------- pam_unix Begin ------------------------
> sshd:
>    Invalid Users:
>       Unknown Account: 3 Time(s)
>  ---------------------- pam_unix End -------------------------
> It is showing that there were 3 Invalid Users, which is correct, because I
> tried 3 times to log in with ssh as an unauthorized user.  But it is not
> showing me an IP address of the machine I was connecting from.

Try instead: --service sshd


> I searched through the archives but couldn't find anything on this issue.
> Thanks,
> Ben

More information about the Logwatch mailing list