Difference between revisions of "Logwatch"
Nicolatiana (talk | contribs) |
Nicolatiana (talk | contribs) |
||
Line 16: | Line 16: | ||
==Mixed tweaks== | ==Mixed tweaks== | ||
===Mail messages in html=== | ===Mail messages in html=== | ||
− | If you want the mail message in html format you must edit the | + | If you want the mail message in html format you must edit the main perl script with your favourite editor (mc, nano, joe, vi....): |
/usr/share/logwatch/scripts/logwatch.pl | /usr/share/logwatch/scripts/logwatch.pl | ||
find the line (it should be line 78): | find the line (it should be line 78): | ||
Line 23: | Line 23: | ||
$Config{'output'} = "html"; | $Config{'output'} = "html"; | ||
===Parsing Fetchmail log=== | ===Parsing Fetchmail log=== | ||
− | The actual realease does not contain a script to parse /var/maillog | + | The actual realease does not contain a script to parse /var/maillog; you can simply add a script and the related conf to do this. |
+ | Create the fetchmail script file: | ||
+ | /usr/share/logwatch/scripts/services/fetchmail | ||
+ | and paste into the file: | ||
+ | ########################################################################## | ||
+ | # $Id: fetchmail $ | ||
+ | ########################################################################## | ||
+ | |||
+ | ######################################################## | ||
+ | # This was written and is maintained by: | ||
+ | # Oron Peled <oron \@\ actcom.net.il> | ||
+ | # | ||
+ | ######################################################## | ||
+ | my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; | ||
+ | my %no_mail; | ||
+ | my %messages_for; | ||
+ | my %auth_fail; | ||
+ | my %conn_fail; | ||
+ | |||
+ | #Inits | ||
+ | |||
+ | while (defined($ThisLine = <STDIN>)) { | ||
+ | chomp($ThisLine); | ||
+ | $ThisLine =~ s/^[a-zA-Z0-9]+: //; | ||
+ | if($ThisLine =~ s/^No mail for (\S+) at (\S+)//) { | ||
+ | $no_mail{"${1} at ${2}"}++; | ||
+ | } elsif($ThisLine =~ /^reading message /) { | ||
+ | # ignore | ||
+ | } elsif($ThisLine =~ s/^Query status=[23]//) { | ||
+ | # ignore. Counted below (Authorization, Connection) | ||
+ | } elsif($ThisLine =~ s/^Authorization failure on (\S+)//) { | ||
+ | $auth_fail{"${1}"}++; | ||
+ | } elsif($ThisLine =~ s/^\S+ connection to \S+ failed: .*//) { | ||
+ | # ignore. Counted below | ||
+ | } elsif($ThisLine =~ s/^connection to (\S+) \[[^]]+\] failed: (.*).//) { | ||
+ | $conn_fail{"${1} -- ${2}"}++; | ||
+ | } elsif($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) { | ||
+ | $messages_for{"${2} at ${3}"} += $1; | ||
+ | } else { | ||
+ | chomp($ThisLine); | ||
+ | # Report any unmatched entries... | ||
+ | $OtherList{$ThisLine}++; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | if (keys %messages_for) { | ||
+ | my $total; | ||
+ | print "\nMessages\n"; | ||
+ | foreach my $who (sort keys %messages_for) { | ||
+ | print " $who: $messages_for{$who}\n"; | ||
+ | $total += $messages_for{$who}; | ||
+ | } | ||
+ | print " Total: $total\n"; | ||
+ | } | ||
+ | |||
+ | if (keys %conn_fail) { | ||
+ | my $total; | ||
+ | print "\nConnection failures\n"; | ||
+ | foreach my $who (sort keys %conn_fail) { | ||
+ | print " $who: $conn_fail{$who} Time(s)\n"; | ||
+ | $total += $conn_fail{$who}; | ||
+ | } | ||
+ | print " Total: $total\n"; | ||
+ | } | ||
+ | |||
+ | if (keys %auth_fail) { | ||
+ | my $total; | ||
+ | print "\nAuthorization failures\n"; | ||
+ | foreach my $who (sort keys %auth_fail) { | ||
+ | print " $who: $auth_fail{$who} Time(s)\n"; | ||
+ | $total += $auth_fail{$who}; | ||
+ | } | ||
+ | print " Total: $total\n"; | ||
+ | } | ||
+ | |||
+ | if (keys %no_mail) { | ||
+ | my $total; | ||
+ | print "\nNo Mail\n"; | ||
+ | foreach my $who (sort keys %no_mail) { | ||
+ | print " $who: $no_mail{$who} Time(s)\n"; | ||
+ | $total += $no_mail{$who}; | ||
+ | } | ||
+ | print " Total: $total\n"; | ||
+ | } | ||
+ | |||
+ | if (keys %OtherList) { | ||
+ | print "\n**Unmatched Entries**\n"; | ||
+ | foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) { | ||
+ | print " $line: $OtherList{$line} Time(s)\n"; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | exit(0); | ||
+ | |||
+ | # vi: shiftwidth=3 tabstop=3 syntax=perl et | ||
+ | |||
+ | |||
[[Category:Administration:Monitoring]][[Category:Contrib]] | [[Category:Administration:Monitoring]][[Category:Contrib]] |
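Review bot: The connection-failure pattern added in this revision, `\[[^]]+\]`, is not protected from wikitext parsing, and the rendered page below the diff shows it as `\^+\]`. Anyone pasting the script from the rendered page gets a `%conn_fail` branch that no longer matches the bracketed address, so connection failures would fall through to the unmatched entries. Wrapping the whole listing in `<pre>` … `</pre>` (or `<nowiki>`) would keep the regex intact. The script also runs without `use strict; use warnings;` and relies on undeclared globals (`$ThisLine`, `%OtherList`, `$line`); adding the pragmas and `my` declarations would catch typos in a parser that feeds the nightly report.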
Revision as of 13:08, 3 December 2014
Logwatch is a program that analyzes the server logs in /var/logs to detect errors and warnings such as, for example, unsuccessful authentication attempts, mail delivery errors, etc. All logs will be monitored, and an email summarizing the full report will be sent to the administrator of the Sme (admin) every night. To install the package:
yum --enablerepo=smecontribs install logwatch
Then, if you want a lighter report without the firewall reporting, you can type:
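# Exclude the iptables services from the report. Run each echo as its own
# command so that each one appends a separate Service line to the config.
# With these in place, firewall log entries no longer appear in the nightly mail.
echo 'Service = "-iptables"' >> /etc/logwatch/conf/logwatch.conf
echo 'Service = "-iptables-multi"' >> /etc/logwatch/conf/logwatch.conf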
signal-event post-upgrade && signal-event reboot
At present the program works without templates, so all modifications can be made directly in the conf files.
Mixed tweaks
Mail messages in html
If you want the mail message in html format you must edit the main perl script with your favourite editor (mc, nano, joe, vi....):
/usr/share/logwatch/scripts/logwatch.pl
find the line (it should be line 78):
$Config{'output'} = "unformatted";
and change it to:
$Config{'output'} = "html";
Parsing Fetchmail log
The current release does not contain a script to parse /var/maillog; you can simply add a script and the related conf to do this. Create the fetchmail script file:
/usr/share/logwatch/scripts/services/fetchmail
and paste into the file:
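##########################################################################
# $Id: fetchmail $
##########################################################################

########################################################
# This was written and is maintained by:
#    Oron Peled <oron \@\ actcom.net.il>
#
########################################################

# Reads fetchmail log lines on STDIN, counts them per category and prints
# one summary section for each category that has at least one entry.

use strict;
use warnings;

# Detail level handed over in the environment; not consulted below.
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my %no_mail;         # "user at host"    => number of "No mail" lines
my %messages_for;    # "user at host"    => sum of reported message counts
my %auth_fail;       # server            => number of authorization failures
my %conn_fail;       # "server -- cause" => number of connection failures
my %OtherList;       # unmatched line    => number of occurrences

while (defined(my $ThisLine = <STDIN>)) {
   chomp($ThisLine);
   # Drop a leading "word: " prefix (presumably the program tag - confirm
   # against the log format in use).
   $ThisLine =~ s/^[a-zA-Z0-9]+: //;
   if ($ThisLine =~ s/^No mail for (\S+) at (\S+)//) {
      $no_mail{"${1} at ${2}"}++;
   } elsif ($ThisLine =~ /^reading message /) {
      # ignore
   } elsif ($ThisLine =~ s/^Query status=[23]//) {
      # ignore. Counted below (Authorization, Connection)
   } elsif ($ThisLine =~ s/^Authorization failure on (\S+)//) {
      $auth_fail{"${1}"}++;
   } elsif ($ThisLine =~ s/^\S+ connection to \S+ failed: .*//) {
      # ignore. Counted below
   } elsif ($ThisLine =~ s/^connection to (\S+) \[[^]]+\] failed: (.*).//) {
      # "\[[^]]+\]" skips the bracketed part after the server name.
      # The final "." takes one more character after the greedy capture
      # (presumably the sentence-ending period - confirm).
      $conn_fail{"${1} -- ${2}"}++;
   } elsif ($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) {
      $messages_for{"${2} at ${3}"} += $1;
   } else {
      # Report any unmatched entries...
      # These lines are echoed verbatim further down, and log text can carry
      # strings supplied by remote mail servers.
      # NOTE(review): if the report is mailed as HTML, confirm that logwatch
      # escapes service output before it reaches the mail body.
      $OtherList{$ThisLine}++;
   }
}

if (keys %messages_for) {
   my $total;
   print "\nMessages\n";
   foreach my $who (sort keys %messages_for) {
      print " $who: $messages_for{$who}\n";
      $total += $messages_for{$who};
   }
   print " Total: $total\n";
}

if (keys %conn_fail) {
   my $total;
   print "\nConnection failures\n";
   foreach my $who (sort keys %conn_fail) {
      print " $who: $conn_fail{$who} Time(s)\n";
      $total += $conn_fail{$who};
   }
   print " Total: $total\n";
}

if (keys %auth_fail) {
   my $total;
   print "\nAuthorization failures\n";
   foreach my $who (sort keys %auth_fail) {
      print " $who: $auth_fail{$who} Time(s)\n";
      $total += $auth_fail{$who};
   }
   print " Total: $total\n";
}

if (keys %no_mail) {
   my $total;
   print "\nNo Mail\n";
   foreach my $who (sort keys %no_mail) {
      print " $who: $no_mail{$who} Time(s)\n";
      $total += $no_mail{$who};
   }
   print " Total: $total\n";
}

if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   # Most frequent unmatched lines first.
   foreach my $line (sort { $OtherList{$b} <=> $OtherList{$a} } keys %OtherList) {
      print " $line: $OtherList{$line} Time(s)\n";
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et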