• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

looking for help on filtering logwatch

Hello,

Does anyone know how to customize logwatch. Since upgrading to fedora logwatch now gives me to much. it seems like logwatch does not know what to do with jsp and servlet stuff.

the doc does not help me, so hopefully someone can help me

Currently in my log file i am seeing

 A total of 110 sites probed the server ( i have looking in the log file and these are servlet URLS being posted to)
    "POST
    12.189.32.36
    12.189.32.38
    12.222.111.190

then i see this as well (these are also legit).
 !!!! 63 possible successful probes
    /jsp/menu.jsp?dir=jveydovec&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=afritz&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=tamarawolfe&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=bmckneely&lang=null HTTP Response 200

So I am looking for help on how to filter these out

RP
0
paries
Asked:
paries
  • 3
1 Solution
 
wbstechCommented:
The upgrade probably just gave you some new filter settings, which you didn't want. You can reconfigure logwatch using the Log Filter Setup :- More detailed info available here: http://www.cequrux.com/support/firewall/node86.htm - You may want to view the 'Previous' article on that page aswell if you're not familiar with Log Filter Setup.
0
 
wbstechCommented:
Sorry - wrong link I think, bare with me, i'll find the right one.
0
 
wbstechCommented:
Ok - The way I do it on Linux is through webmin - It has an extensive module for logwatch which can allow you to configure it to your liking.

http://www.webmin.com/
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now