Link to home
Create AccountLog in
Avatar of paries
paries

asked on

looking for help on filtering logwatch

Hello,

Does anyone know how to customize logwatch. Since upgrading to fedora logwatch now gives me to much. it seems like logwatch does not know what to do with jsp and servlet stuff.

the doc does not help me, so hopefully someone can help me

Currently in my log file i am seeing

 A total of 110 sites probed the server ( i have looking in the log file and these are servlet URLS being posted to)
    "POST
    12.189.32.36
    12.189.32.38
    12.222.111.190

then i see this as well (these are also legit).
 !!!! 63 possible successful probes
    /jsp/menu.jsp?dir=jveydovec&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=afritz&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=tamarawolfe&lang=null HTTP Response 200
    /jsp/menu.jsp?dir=bmckneely&lang=null HTTP Response 200

So I am looking for help on how to filter these out

RP
Avatar of wbstech
wbstech

The upgrade probably just gave you some new filter settings, which you didn't want. You can reconfigure logwatch using the Log Filter Setup :- More detailed info available here: http://www.cequrux.com/support/firewall/node86.htm - You may want to view the 'Previous' article on that page aswell if you're not familiar with Log Filter Setup.
Sorry - wrong link I think, bare with me, i'll find the right one.
ASKER CERTIFIED SOLUTION
Avatar of wbstech
wbstech

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer