From: Glenn T. <gta...@fr...> - 2019-07-27 16:38:01
Logwatch People,
FYI:
# Ubuntu 18.04.02 LTS (i386) OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017:
# Logwatch 7.4.3 (released 12/07/16):
# I recently changed my router firewall config to forward TCP/UDP:22 to
<this PC> for SSH server so I can get a shell prompt when not at home.
# A side effect of this change generates literally thousands of "Unmatched
Entries" in Logwatch from many IP addresses as bad guys try to break into
ssh.
# My workaround is to comment out the following if statement in
/etc/logwatch/scripts/services/sshd (copied from
/usr/share/logwatch/scripts/services/sshd).
# Is there a better way to fix this? gta...@fr... July 2019
# ----------------
#if (keys %OtherList) {
# print "\n**Unmatched Entries**\n";
# print "$_ : $OtherList{$_} time(s)\n" foreach keys %OtherList;
#}
# ----------------
Is there a better way to fix this?
Regards,
Glenn Talbott
gta...@fr...
P.S. There must be a better category name than "Unmatched Entries" for log
entries that are not explicitly called out in the script. Before I dug into
the scripts I always thought that "Unmatched Entries" referred to some kind
of process that was logged as started but had no matching completion entry
in the log. "Unmatched Entries" as you used it is internal to the script and
in that context makes perfect sense to the script authors, but it has no
meaning to someone externally reading the output from Logwatch and knowing
nothing of the structure of the scripts.
My 2 cents worth.
GT