Hello,
I would like to have the logwatch resolve the IPs addresses in the report
that it sends by email.
Right now I get this:
--------------------- httpd Begin ------------------------
1.75 MB transferred in 344 responses (1xx 0, 2xx 309, 3xx 6, 4xx 29, 5xx
0)
56 Images (0.07 MB),
1 Documents (0.00 MB),
242 Content pages (1.54 MB),
45 Other (0.13 MB)
Attempts to use known hacks by 2 hosts were logged 24 time(s) from:
192.168.0.26: 19 Time(s)
^null$ 19 Time(s)
192.168.0.22: 5 Time(s)
^null$ 5 Time(s)
A total of 2 sites probed the server
192.168.0.22
192.168.0.26
Requests with error response codes
400 Bad Request
/: 5 Time(s)
408 Request Timeout
null: 24 Time(s)
---------------------- httpd End -------------------------
My /etc/logwatch/conf/logwatch.conf is very simple:
mailer = "/usr/sbin/sendmail -t"
TmpDir = /tmp
MailFrom = root
Detail = High
Range = yesterday
I also noticed that logwatch(8) has the --numeric which disables DNS
lookups and
which I am not using as seen in /etc/cron.daily/00logwatch:
#!/bin/bash
#Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
#execute
/usr/sbin/logwatch --output mail
#Note: It's possible to force the recipient in above command
#Just pass --mailto addr...@a.com instead of --output mail
Any ideas ?
