I keep getting text alerts that say this: "Root was logged into whostmgrd using following authentication service: system". It doesn't provide an IP address, it just says "Local Machine", so the email is automatically useless to me. What is more, it is always us logging in. Of course we've already restricted access to whostmgrd by IP address, but it doesn't seem to check that list before sending out an alert, or it's possible that it does check it, but since the "Local Machine" isn't on that list, it sends out an alert.
Why this is a problem: Everyone on the list is getting repeated messages in the middle of the night as often as every 15 minutes depending on the activity.
I'd like for these alerts to a) send the actual IP address of the person logging into whm as root, and b) only send it when the IP address isn't on the host access list for this service. Barring that, I'd like a way to shut them off entirely short of removing all names from the contact manager, but there doesn't seem to be a way to do that.
Why this is a problem: Everyone on the list is getting repeated messages in the middle of the night as often as every 15 minutes depending on the activity.
I'd like for these alerts to a) send the actual IP address of the person logging into whm as root, and b) only send it when the IP address isn't on the host access list for this service. Barring that, I'd like a way to shut them off entirely short of removing all names from the contact manager, but there doesn't seem to be a way to do that.
