From: Bjorn <bj...@us...> - 2019-07-28 19:41:56
Can you provide a sample of the Unmatched Entries? Make sure the syntax
is preserved if you want to obscure identifying information.

On 7/27/19 10:12 AM, Glenn Talbott wrote:
> Logwatch People,
>
>
>
> FYI:
>
>
>
> # Ubuntu 18.04.02 LTS (i386) OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL
> 1.0.2n 7 Dec 2017:
>
> # Logwatch 7.4.3 (released 12/07/16):
>
> # I recently changed my router firewall config to forward TCP/UDP:22 to
> <this PC> for SSH server so I can get a shell prompt when not at home.
>
> # A side effect of this change generates literally thousands of
> "Unmatched Entries" in Logwatch from many IP addresses as bad guys try
> to break into ssh.
>
> # My workaround is to comment out the following if statement in
> /etc/logwatch/scripts/services/sshd (copied from
> /usr/share/logwatch/scripts/services/sshd).
>
> # Is there a better way to fix this? gta...@fr... July 2019
>
> # ----------------
>
> #if (keys %OtherList) {
>
> # print "\n**Unmatched Entries**\n";
>
> # print "$_ : $OtherList{$_} time(s)\n" foreach keys %OtherList;
>
> #}
>
> # ----------------
>
>
>
> Is there a better way to fix this?
>
>
>
> Regards,
>
>
>
> Glenn Talbott
>
> gta...@fr...
>
>
>
> P.S. There must be a better category name than “Unmatched Entries” for
> log entries that are not explicitly called out in the script. Before I
> dug into the scripts I always thought that “Unmatched Entries” referred
> to some kind of process that was logged as started but had no matching
> completion entry in the log. “Unmatched Entries” as you used it is
> internal to the script and in that context makes perfect sense to the
> script authors, but it has no meaning to someone externally reading the
> output from Logwatch and knowing nothing of the structure of the scripts.
>
>
>
> My 2 cents worth.
>
>
>
> GT