Package: logwatch
Version: 7.1-1
Severity: wishlist
Tags: patch
User-Agent: mutt-ng/devel-r782 (Debian)

Dear Debian Developer and Upstream Authors of the LogWatch,

Please find attached scripts/configs for including reports about
fail2ban(http://fail2ban.sourceforge.net/) activity.  As the starting
point I took configs provided by "Rarig, Harry" <[EMAIL PROTECTED]>
and logwatch ssh script and also had to generate a new apply*date
script, since the time format in fail2ban logs seems to be not covered
by any present in the shipped logwatch.

I am emailing both DD and upstream since version shipped by Debian (7.1)
seems to be not the most recent stable upstream, and I believe that if
you decide to include the scripts, they will be included just in the
development branch. Dear DD, I would really appreciate if you include
the scripts in logwatch package meanwhile -- quite a few users would
benefit from that.

Here are examples of reports generated with provided scripts:

Verbose (Detail >=10):

 --------------------- fail2ban-messages Begin ------------------------

 Banned services with Fail2Ban:                             Bans:Unbans
    SSH:                                                    [  6:6  ]
       210.103.124.7                                           1:1
         Failed  5 times
       210.14.28.59                                            1:1
         Failed  5 times
       165.230.95.72 (tractatus.rutgers.edu)                   4:4
         Failed  5 5 5 5 times
    VSFTPD:                                                 [  1:1  ]
       72.9.234.170 (star.dnsprotect.com)                      1:1

 **Unmatched Entries**
 2006-03-05 18:13:24,365 WARNING:  is not a valid IP address
 2006-03-12 07:50:09,404 WARNING:  is not a valid IP address
<SKIPPED>

Regular (Detail==5)
 --------------------- fail2ban-messages Begin ------------------------

 Banned services with Fail2Ban:                             Bans:Unbans
    SSH:                                                    [  6:6  ]
       210.103.124.7                                           1:1
       210.14.28.59                                            1:1
       165.230.95.72 (tractatus.rutgers.edu)                   4:4
    VSFTPD:                                                 [  1:1  ]
       72.9.234.170 (star.dnsprotect.com)                      1:1

 **Unmatched Entries**
 2006-03-05 18:13:24,365 WARNING:  is not a valid IP address
 2006-03-12 07:50:09,404 WARNING:  is not a valid IP address
<SKIPPED>

Minimal verbosity (Detail == 0):
 --------------------- fail2ban-messages Begin ------------------------

 Banned services with Fail2Ban:                             Bans:Unbans
    SSH:                                                    [  6:6  ]
    VSFTPD:                                                 [  1:1  ]

 ---------------------- fail2ban-messages End -------------------------


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13.4
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)

Versions of packages logwatch depends on:
ii  gawk             1:3.1.5-1               GNU awk, a pattern scanning and pr
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  perl             5.8.7-10                Larry Wall's Practical Extraction 

logwatch recommends no packages.

-- no debconf information


-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]


Attachment: fail2ban.logwatch.v5.tgz
Description: application/tar-gz

Reply via email to