I don't want the "rhost" entries in /var/log/secure to do reverse DNS lookups.
I want the file to contain the IP addresses for failures. How can I handle this?
Thanks!
Logging IP addresses in /var/log/secure
Re: Logging IP addresses in /var/log/secure
If you take SSH as an example then /var/log/secure already logs host name + IP address ( see 'awk '/refused/ {print $10}' /var/log/secure;') and either it's server-side lookups being governed by setting UseDNS in sshd_config (same as running sshd with "-u0"?) or it's caused by using tcp_wrappers. You've got some testing to do I think.thehemi wrote:I don't want the "rhost" entries in /var/log/secure to do reverse DNS lookups.
I want the file to contain the IP addresses for failures. How can I handle this?