Hola,
I have logwatch set up on my server, and there is a stanza in my daily email called "**Unmatched Entries**", which is filled with lines from either ipa or sssd:
Failed password for usename@domain.com from 10.126.67.170 port 57331 ssh2 : 2 time(s) Accepted password for usename@domain.com from 10.126.67.170 port 61402 ssh2 : 1 time(s) pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=hostname.domain.com user=usename@domain.com : 1 time(s)
Does anyone have a logwatch .conf script that they have written? Does such a thing formally exist for ipa/sssd?
cheers L.
------ "Mission Statement: To provide hope and inspiration for collective action, to build collective power, to achieve collective transformation, rooted in grief and rage but pointed towards vision and dreams."
- Patrisse Cullors, *Black Lives Matter founder*