Logging IP addresses in /var/log/secure

thehemi
Posts: 1
Joined: 2014/03/17 14:29:47
Location: Texas

Logging IP addresses in /var/log/secure

Post by thehemi » 2014/03/17 14:57:35

I don't want the "rhost" entries in /var/log/secure to do reverse DNS lookups.
I want the file to contain the IP addresses for failures. How can I handle this?

Thanks!

unspawn
Posts: 172
Joined: 2006/12/11 12:28:52

Re: Logging IP addresses in /var/log/secure

Post by unspawn » 2014/04/05 11:24:56

thehemi wrote:
I don't want the "rhost" entries in /var/log/secure to do reverse DNS lookups.
I want the file to contain the IP addresses for failures. How can I handle this?

If you take SSH as an example, then /var/log/secure already logs host name + IP address (see 'awk '/refused/ {print $10}' /var/log/secure;') and either it's server-side lookups being governed by setting UseDNS in sshd_config (same as running sshd with "-u0"?) or it's caused by using tcp_wrappers. You've got some testing to do, I think.
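
An added example, not part of either post: a shell sketch of the testing suggested above. It lists `rhost=` values that were logged as names rather than IP literals and reads the UseDNS line from a given sshd_config. The function names and the sample log lines are constructed for illustration, and the log lines assume the pam_unix "authentication failure" format.

```shell
#!/bin/sh
# Added example. Constructed sample lines in the pam_unix format
# that sshd authentication failures leave in /var/log/secure.
sample_log() {
cat <<'EOF'
Mar 17 14:50:01 web1 sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Mar 17 14:51:12 web1 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=admin
Mar 17 14:51:40 web1 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=scanner.example.net  user=test
Mar 17 14:52:03 web1 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2001:db8::15  user=root
EOF
}

# Read log lines on stdin; print "count value" for every rhost= value
# that is a host name instead of an IPv4 or IPv6 literal.
rhost_names() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^rhost=./) continue
            v = substr($i, 7)                                      # text after "rhost="
            if (v ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue   # IPv4 literal
            if (v ~ /^[0-9A-Fa-f:.]+$/ && v ~ /:/) continue        # IPv6 literal
            seen[v]++
        }
    }
    END { for (v in seen) print seen[v], v }' | sort -rn
}

# Print the UseDNS value found in the config file given as $1, or "unset".
# sshd_config keywords are case-insensitive and the first value obtained wins;
# commented-out lines ("#UseDNS yes") are not matched.
usedns_setting() {
    awk '
    tolower($1) == "usedns" { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }' "$1"
}

# Demo on the constructed sample: only the name-valued rhost is reported.
sample_log | rhost_names
```

On a real host, feed the log in with `rhost_names < /var/log/secure` and check the daemon's file with `usedns_setting /etc/ssh/sshd_config`; entries logged before a configuration change keep whatever form they were written in.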
