https://sourceforge.net/p/logwatch/patches/84/ --- a/conf/services/secure.conf +++ b/conf/services/secure.conf @@ -24,7 +24,7 @@ $secure_ip_lookup = No # Use this to ignore certain services in the secure log. # You can ignore as many services as you would like. # (we ignore sshd because its entries are processed by the sshd script) -$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd +$ignore_services = sshd sshd-session Pluto stunnel proftpd saslauthd imapd postfix/smtpd # For these services, summarize only (i.e. don't least each IP, just # list the number of connections total) --- a/conf/services/sshd.conf +++ b/conf/services/sshd.conf @@ -19,7 +19,7 @@ LogFile = secure LogFile = messages # Only give lines pertaining to the sshd service... -*OnlyService = sshd +*OnlyService = (sshd|sshd-session) *RemoveHeaders # Variable $sshd_ignore_host is used to filter out hosts that login --- a/scripts/services/sshd +++ b/scripts/services/sshd @@ -246,9 +246,9 @@ while (defined(my $ThisLine = )) { $NoIdent{$name}++; } elsif ( ($ThisLine =~ m/^(?:error:.*|fatal:) Connection closed by remote host/ ) or - ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or + ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+)(| port \d+): Connection reset by peer/ ) or ($ThisLine =~ m/^error: .*: read: Connection reset by peer/ ) or - ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or + ($ThisLine =~ m/^Read error from remote host [^ ]+(| port \d+): (Connection timed out|No route to host)/ ) or ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or