On Mon, 25 Sep 2017 09:52:17 +0200 Herman van Rink <r...@initfour.nl> wrote: > On Wed, 12 Jul 2017 17:38:10 +1000 Russell Coker <russ...@coker.com.au> > wrote: > > I've attached the patch I use to deal with this. While this patch may > not be > > suitable for a Debian package I think that it's worth sharing so other > users > > can make a custom version to fix this problem. It's really a big deal > when > > you have 30,000 logins per day... > > Thanks, that patch works.
Please find a slightly improved patch that also ignores IPv6 connections. Regards, Simon
Index: logwatch-7.4.3+git20161207/scripts/services/sshd
===================================================================
--- logwatch-7.4.3+git20161207.orig/scripts/services/sshd
+++ logwatch-7.4.3+git20161207/scripts/services/sshd
@@ -390,6 +390,10 @@ while (defined(my $ThisLine = <STDIN>))
} elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^
]*)(?: port [^ ]*)?: (.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at
severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
+ } elsif ($ThisLine =~ /^Disconnected from [0-9a-f:.]+ port [0-9]+$/) {
+ # annoying second message about disconnect
+ } elsif ($ThisLine =~ /^Close session: user .+ from [0-9a-f:.]+ port [0-9]+
id 0$/) {
+ # annoying message closing session
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
$RootLogin{$Host}++;
} elsif ( my ($Error) = ($ThisLine =~ /^Cannot release PAM
authentication\[\d\]: (.*)$/)) {
signature.asc
Description: OpenPGP digital signature
