Logwatch mails many lines it didn't parse: **Unmatched Entries** SSH: Server;Ltype: Version;Remote: 83.143.40.122-35122;Protocol: 2.0;Client: libssh-0.11 : 1 time(s) SSH: Server;Ltype: Version;Remote: 194.105.17.167-56911;Protocol: 2.0;Client: libssh-0.1 : 1 time(s) SSH: Server;Ltype: Version;Remote: 50.7.233.202-53533;Protocol: 2.0;Client: libssh-0.1 : 1 time(s) SSH: Server;Ltype: Version;Remote: 83.143.40.122-58825;Protocol: 2.0;Client: libssh-0.11 : 1 time(s) SSH: Server;Ltype: Version;Remote: 83.143.40.122-60873;Protocol: 2.0;Client: libssh-0.11 : 1 time(s) Reproducible: Always Expected Results: I expected it to parse the lines and not mail them to me. http://forums.gentoo.org/viewtopic-t-894104-start-0.html http://sourceforge.net/tracker/index.php?func=detail&aid=3257504&group_id=312875&atid=1316824
This has been fixed upstream but there has not been a release yet. Any chance that we can include this fix? Logwatch emails for any system with a publicly available SSH with HPN enabled (the default) can grow very large and thus unusable if the server sees a lot of traffic (or probes).
(In reply to comment #1) feel free to make whatever commits you like to logwatch
Hmm, actually the fix hasn't been applied upstream, but since the patch is straightforward I've added it to the tree: logwatch-7.4.0-r1
