Package: logwatch Version: 7.1-1 Severity: wishlist Tags: patch User-Agent: mutt-ng/devel-r782 (Debian)
Dear Debian Developer and Upstream Authors of the LogWatch, Please find attached scripts/configs for including reports about fail2ban(http://fail2ban.sourceforge.net/) activity. As the starting point I took configs provided by "Rarig, Harry" <[EMAIL PROTECTED]> and logwatch ssh script and also had to generate a new apply*date script, since the time format in fail2ban logs seems to be not covered by any present in the shipped logwatch. I am emailing both DD and upstream since version shipped by Debian (7.1) seems to be not the most recent stable upstream, and I believe that if you decide to include the scripts, they will be included just in the development branch. Dear DD, I would really appreciate if you include the scripts in logwatch package meanwhile -- quite a few users would benefit from that. Here are examples of reports generated with provided scripts: Verbose (Detail >=10): --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans SSH: [ 6:6 ] 210.103.124.7 1:1 Failed 5 times 210.14.28.59 1:1 Failed 5 times 165.230.95.72 (tractatus.rutgers.edu) 4:4 Failed 5 5 5 5 times VSFTPD: [ 1:1 ] 72.9.234.170 (star.dnsprotect.com) 1:1 **Unmatched Entries** 2006-03-05 18:13:24,365 WARNING: is not a valid IP address 2006-03-12 07:50:09,404 WARNING: is not a valid IP address <SKIPPED> Regular (Detail==5) --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans SSH: [ 6:6 ] 210.103.124.7 1:1 210.14.28.59 1:1 165.230.95.72 (tractatus.rutgers.edu) 4:4 VSFTPD: [ 1:1 ] 72.9.234.170 (star.dnsprotect.com) 1:1 **Unmatched Entries** 2006-03-05 18:13:24,365 WARNING: is not a valid IP address 2006-03-12 07:50:09,404 WARNING: is not a valid IP address <SKIPPED> Minimal verbosity (Detail == 0): --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans SSH: [ 6:6 ] VSFTPD: [ 1:1 ] ---------------------- fail2ban-messages End ------------------------- -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13.4 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages logwatch depends on: ii gawk 1:3.1.5-1 GNU awk, a pattern scanning and pr ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii perl 5.8.7-10 Larry Wall's Practical Extraction logwatch recommends no packages. -- no debconf information -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555]
fail2ban.logwatch.v5.tgz
Description: application/tar-gz