I have a CentOS 5.6 system, which runs Logwatch.
If I perform a security scan (Nessus) against this host, it produces unnecessary noise in the Logwatch output. I'd like to run these security scans regularly, from an internal IP and an external IP, without generating unnecessary noise about the security scans.
Since I know the IPs of these hosts, can I prevent this output from showing up in the Logwatch output?
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (scan1.example.org): 1 Time(s)
unknown (scan1.example.org): 1 Time(s)
Invalid Users:
Unknown Account: 1 Time(s)
--------------------- SSHD Begin ------------------------
Failed logins from:
192.168.100.1 (scan1.example.org): 1 time
Illegal users from:
X.Y.123.123 (scan2.example.org): 1 time
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user admin : 1 time(s)
fatal: Write failed: Connection reset by peer : 1 time(s)