If there is any interest, I have added ip domain name lookup to logwatch services/mod_security2 by adding or editing in the following. Since I am just a sys admin and know little about perl, likely a better method but here it is. I have found it useful for loosening up the rules here and there for various ips like search engine crawls.
If there is any interest, I have added ip domain name lookup to logwatch services/mod_security2 by adding or editing in the following. Since I am just a sys admin and know little about perl, likely a better method but here it is. I have found it useful for loosening up the rules here and there for various ips like search engine crawls.
use Socket; my $name = ();
Start summary
$name = gethostbyaddr(inet_aton($fromip), AF_INET) or $name = "not in arpa"; print " [ip: " . sprintf("%-15s", $fromip) . "] "; print " $name ";
Top 10 blocked IPs
$name = gethostbyaddr(inet_aton($ip), AF_INET) or $name = "not in arpa"; print "\n " . sprintf("%2s", ($cnt + 1)) . ". " . $ip . " - " . $topips{$ip} . " time(s)"; print " $name ";