RH 7.2 Logwatch and xinetd no_access

Kent Borg kentborg at borg.org
Mon Apr 29 11:08:35 EDT 2002


My (losing) battle with spam has concentrated on sending complaints
and putting new "no_access" entries in "/etc/xinetd.d/qmail".

And with Red Hat 7.2 I get a logwatch e-mail every day summarizing what
has been happening in /var/log/secure.  Pretty cool, it summarizes
that so-and-so has logged in over ssh n-times from IP address
such-and-such, and things like that.  But when it gets to the refused
e-mail connections from spammers it has a large block that starts
something like this:

  **Unmatched Entries**
  xinetd[16277]: FAIL: smtp address from=128.121.16.247

But there are a lot of strings run together from the "xinetd" part to
the IP address part.  

Has anyone done the research to figure out how to tell logwatch to
summarize these xinetd refusals?  On any given day there is a lot of
repetition in this, it is only a handful of spammers who keep hitting
me over and over again.  It would be nice to turn that part of the
logwatch into just a couple three lines.

Poking around it looks like adding a
/etc/log.d/conf/services/xinetd.conf isn't good enough, it then wants
a real script that does the real work in
/etc/log.d/scripts/services/xinetd.  Anyone written one?

-kb
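
An added example, not part of the original post: a shell filter of the kind the post asks about, which collapses repeated xinetd FAIL lines into one line per service and source address. The function names and the sample lines are constructed (only the FAIL line format is taken from the post), and it assumes the log lines arrive on standard input.

```shell
#!/bin/sh
# Hypothetical filter: summarize xinetd "FAIL" lines per service and source.
# Assumption: log lines arrive on stdin, with or without a syslog prefix.

summarize_xinetd_fail() {
    awk '
    /xinetd\[[0-9]+\]: FAIL: / {
        svc = ""; ip = ""
        # The service name is the word right after "FAIL:".
        for (i = 1; i < NF; i++)
            if ($i == "FAIL:") svc = $(i + 1)
        # The source address is the value of the from= field.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^from=/) ip = substr($i, 6)
        # Only count values that look like an address, so odd log
        # content is never copied into the mailed report.
        if (svc ~ /^[A-Za-z0-9_-]+$/ && ip ~ /^[0-9A-Fa-f:.]+$/)
            count[svc " " ip]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3 |
    awk '
    NR == 1 { print "Refused connections (xinetd FAIL):" }
    { printf "   %s from %s: %d Time(s)\n", $2, $3, $1 }'
}

# Constructed sample input; the last line has no syslog prefix,
# matching the way the line is quoted in the post.
sample_log() {
    cat <<'EOF'
Apr 29 04:02:11 host xinetd[16277]: FAIL: smtp address from=128.121.16.247
Apr 29 04:05:40 host xinetd[16277]: FAIL: smtp address from=128.121.16.247
Apr 29 04:09:02 host xinetd[16277]: FAIL: smtp address from=192.0.2.10
Apr 29 04:10:00 host xinetd[16277]: START: smtp pid=123 from=192.0.2.55
xinetd[16277]: FAIL: smtp address from=128.121.16.247
EOF
}

sample_log | summarize_xinetd_fail
```

Sources are listed busiest first, so the handful of repeat offenders appear at the top of the report.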


