Comment 0 for bug 1904362

Matthew D. Mower (mdmower) wrote :

By default, logwatch performs a hostname lookup of every IP address reported in SSHD logs. This has two negative consequences:

1. If there are lots of IP addresses to look up, this increases the runtime of logwatch significantly.
2. If logwatch is set to email logs, some spam filters detect the hostnames as URLs and will flag the log as spam due to the apparently large number of links in the email. See https://serverfault.com/questions/977628/logwatch-emails-marked-as-spam-how-to-stop-reverse-dns-on-bot-hosts/1042679 .

Following a request for help to disable hostname lookups in sshd...
https://sourceforge.net/p/logwatch/discussion/1115929/thread/952d84109c/
a developer committed a change to support this feature...
https://sourceforge.net/p/logwatch/git/ci/88c0d675f10e425faeddd23316c061f425f39a06/

This wishlist has two requests:
1. Backport the patch (which is very easy to apply) to logwatch packages in currently supported LTS versions of Ubuntu
2. Set the distribution default config to disable SSHD IP lookups by default. This could be accomplished by introducing /usr/share/logwatch/dist.conf/services/sshd.conf with contents:
$sshd_ip_lookup = No