Mr Zesty's BrainDump

User Tools

Site Tools

Trace: Disable IPtables Report in Logwatch
disableiptablesreportinlogwatch

Disable IPtables Report in Logwatch

In my smaller environments I have logwatch enabled to send me a daily status email from the server. I find that the list of blocks by iptables on an Internet-connect host is very noisy. 

 --------------------- iptables firewall Begin ------------------------


 Listed by source hosts:
 Dropped 4397 packets on interface eth0
   From 1.93.55.131 - 1 packet to tcp(3306)
   From 1.93.55.159 - 1 packet to tcp(1322)
   From 1.229.35.65 - 1 packet to udp(23509)
   From 12.181.18.32 - 1 packet to tcp(5900)
   From 14.216.108.81 - 3 packets to tcp(23)
   From 23.94.244.79 - 2 packets to tcp(135)
   From 24.159.201.122 - 1 packet to udp(23509)
   From 37.59.42.95 - 1 packet to tcp(57966)
   From 42.96.133.172 - 1 packet to tcp(1433)
   From 46.239.121.16 - 1 packet to udp(123)
   From 49.89.193.183 - 1 packet to tcp(23)
   From 54.230.8.247 - 2 packets to tcp(10838)
   From 58.175.244.168 - 4 packets to tcp(80,8080)

To disable the check, I remove the logfile source of the iptables check. 

echo "services/iptables: LogFile =" >> /etc/logwatch/conf/override.conf
disableiptablesreportinlogwatch.txt · Last modified: 2020/02/13 22:55 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki
free spam filter