Hi All,
I find that when checking out Logwatch reports I have to go into each log to find out what else an IP number has been up to. I currently open up each log (eg. messages, secure, mailog etc.) in a new tab then copy/paste each IP number I want to research into each tab to see the results. I have often been surprised at the results with bad actors getting banned in one service and then moving on to another. Or slow attacks over a long period of days/weeks. Then I take such action as needed. For example, manually add the IP number to Recidive in the Fail2ban service.
It would be nice if all logs could be searched on one page.
Of course, maybe that exists somewhere but I haven’t found it. It could be that I am just stupid/weird/paranoid/crazy. (delete as appropriate)
Just a thought of a possible addon to a spectacular software.
Thanks guys.