Difference between revisions of "Logwatch"

From SME Server
Jump to navigationJump to search
Line 16: Line 16:
 
==Mixed tweaks==
 
==Mixed tweaks==
 
===Mail messages in html===
 
===Mail messages in html===
If you want the mail message in html format you must edit the file with your favourite editor (mc, nano, joe, vi....):
+
If you want the mail message in html format you must edit the main perl script with your favourite editor (mc, nano, joe, vi....):
 
  /usr/share/logwatch/scripts/logwatch.pl
 
  /usr/share/logwatch/scripts/logwatch.pl
 
find the line (it should be line 78):
 
find the line (it should be line 78):
Line 23: Line 23:
 
  $Config{'output'} = "html";
 
  $Config{'output'} = "html";
 
===Parsing Fetchmail log===
 
===Parsing Fetchmail log===
The actual realease does not contain a script to parse /var/maillog
+
The actual realease does not contain a script to parse /var/maillog; you can simply add a script and the related conf to do this.
 +
Create the fetchmail script file:
 +
/usr/share/logwatch/scripts/services/fetchmail
 +
and paste into the file:
 +
##########################################################################
 +
# $Id: fetchmail $
 +
##########################################################################
 +
 +
########################################################
 +
# This was written and is maintained by:
 +
#    Oron Peled <oron \@\ actcom.net.il>
 +
#
 +
########################################################
 +
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
 +
my %no_mail;
 +
my %messages_for;
 +
my %auth_fail;
 +
my %conn_fail;
 +
 +
#Inits
 +
 +
while (defined($ThisLine = <STDIN>)) {
 +
        chomp($ThisLine);
 +
        $ThisLine =~ s/^[a-zA-Z0-9]+: //;
 +
        if($ThisLine =~ s/^No mail for (\S+) at (\S+)//) {
 +
                $no_mail{"${1} at ${2}"}++;
 +
        } elsif($ThisLine =~ /^reading message /) {
 +
                # ignore
 +
        } elsif($ThisLine =~ s/^Query status=[23]//) {
 +
                # ignore. Counted below (Authorization, Connection)
 +
        } elsif($ThisLine =~ s/^Authorization failure on (\S+)//) {
 +
                $auth_fail{"${1}"}++;
 +
        } elsif($ThisLine =~ s/^\S+ connection to \S+ failed: .*//) {
 +
                # ignore. Counted below
 +
        } elsif($ThisLine =~ s/^connection to (\S+) \[[^]]+\] failed: (.*).//) {
 +
                $conn_fail{"${1} -- ${2}"}++;
 +
        } elsif($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) {
 +
                $messages_for{"${2} at ${3}"} += $1;
 +
        } else {
 +
                chomp($ThisLine);
 +
                # Report any unmatched entries...
 +
                $OtherList{$ThisLine}++;
 +
        }
 +
}
 +
 +
if (keys %messages_for) {
 +
        my $total;
 +
        print "\nMessages\n";
 +
        foreach my $who (sort keys %messages_for) {
 +
                print "  $who: $messages_for{$who}\n";
 +
                $total += $messages_for{$who};
 +
        }
 +
        print "  Total: $total\n";
 +
}
 +
 +
if (keys %conn_fail) {
 +
        my $total;
 +
        print "\nConnection failures\n";
 +
        foreach my $who (sort keys %conn_fail) {
 +
                print "  $who: $conn_fail{$who} Time(s)\n";
 +
                $total += $conn_fail{$who};
 +
        }
 +
        print "  Total: $total\n";
 +
}
 +
 +
if (keys %auth_fail) {
 +
        my $total;
 +
        print "\nAuthorization failures\n";
 +
        foreach my $who (sort keys %auth_fail) {
 +
                print "  $who: $auth_fail{$who} Time(s)\n";
 +
                $total += $auth_fail{$who};
 +
        }
 +
        print "  Total: $total\n";
 +
}
 +
 +
if (keys %no_mail) {
 +
        my $total;
 +
        print "\nNo Mail\n";
 +
        foreach my $who (sort keys %no_mail) {
 +
                print "  $who: $no_mail{$who} Time(s)\n";
 +
                $total += $no_mail{$who};
 +
        }
 +
        print "  Total: $total\n";
 +
}
 +
 +
if (keys %OtherList) {
 +
        print "\n**Unmatched Entries**\n";
 +
        foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
 +
                print "  $line: $OtherList{$line} Time(s)\n";
 +
        }
 +
}
 +
 +
exit(0);
 +
 +
# vi: shiftwidth=3 tabstop=3 syntax=perl et
 +
 
 +
 
  
 
[[Category:Administration:Monitoring]][[Category:Contrib]]
 
[[Category:Administration:Monitoring]][[Category:Contrib]]

Revision as of 13:08, 3 December 2014

Logwatch is a program that analyzes the server logs in /var/logs to detect errors and warnings such as, for exapmple, attempts unsuccessful of authentication, mail delivery errors ecc... All logs will be monitored, and an email summarizing the full report will be sent to the administrator of the Sme (admin) every night. To install the package:

yum --enablerepo=smecontribs install logwatch

then you can type this if you want a report lighter without the firewall reporting

echo 'Service = "-iptables"' >> /etc/logwatch/conf/logwatch.conf
echo 'Service = "-iptables-multi"' >> /etc/logwatch/conf/logwatch.conf
signal-event post-upgrade && signal-event reboot

The program at the present time works without templates so all modification can be performed directly over conf files.

Mixed tweaks

Mail messages in html

If you want the mail message in html format you must edit the main perl script with your favourite editor (mc, nano, joe, vi....):

/usr/share/logwatch/scripts/logwatch.pl

find the line (it should be line 78):

$Config{'output'} = "unformatted";

and modify it in:

$Config{'output'} = "html";

Parsing Fetchmail log

The actual realease does not contain a script to parse /var/maillog; you can simply add a script and the related conf to do this. Create the fetchmail script file:

/usr/share/logwatch/scripts/services/fetchmail

and paste into the file:

##########################################################################
# $Id: fetchmail $
##########################################################################

########################################################
# This was written and is maintained by:
#    Oron Peled <oron \@\ actcom.net.il>
#
########################################################
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my %no_mail;
my %messages_for;
my %auth_fail;
my %conn_fail;

#Inits

while (defined($ThisLine = <STDIN>)) {
        chomp($ThisLine);
        $ThisLine =~ s/^[a-zA-Z0-9]+: //;
        if($ThisLine =~ s/^No mail for (\S+) at (\S+)//) {
                $no_mail{"${1} at ${2}"}++;
        } elsif($ThisLine =~ /^reading message /) {
                # ignore
        } elsif($ThisLine =~ s/^Query status=[23]//) {
                # ignore. Counted below (Authorization, Connection)
        } elsif($ThisLine =~ s/^Authorization failure on (\S+)//) {
                $auth_fail{"${1}"}++;
        } elsif($ThisLine =~ s/^\S+ connection to \S+ failed: .*//) {
                # ignore. Counted below
        } elsif($ThisLine =~ s/^connection to (\S+) \^+\] failed: (.*).//) {
                $conn_fail{"${1} -- ${2}"}++;
        } elsif($ThisLine =~ s/^(\d+) messages? for (\S+) at (\S+).*.//) {
                $messages_for{"${2} at ${3}"} += $1;
        } else {
                chomp($ThisLine);
                # Report any unmatched entries...
                $OtherList{$ThisLine}++;
        }
}

if (keys %messages_for) {
        my $total;
        print "\nMessages\n";
        foreach my $who (sort keys %messages_for) {
                print "   $who: $messages_for{$who}\n";
                $total += $messages_for{$who};
        }
        print "   Total: $total\n";
}

if (keys %conn_fail) {
        my $total;
        print "\nConnection failures\n";
        foreach my $who (sort keys %conn_fail) {
                print "   $who: $conn_fail{$who} Time(s)\n";
                $total += $conn_fail{$who};
        }
        print "   Total: $total\n";
}

if (keys %auth_fail) {
        my $total;
        print "\nAuthorization failures\n";
        foreach my $who (sort keys %auth_fail) {
                print "   $who: $auth_fail{$who} Time(s)\n";
                $total += $auth_fail{$who};
        }
        print "   Total: $total\n";
}

if (keys %no_mail) {
        my $total;
        print "\nNo Mail\n";
        foreach my $who (sort keys %no_mail) {
                print "   $who: $no_mail{$who} Time(s)\n";
                $total += $no_mail{$who};
        }
        print "   Total: $total\n";
}

if (keys %OtherList) {
        print "\n**Unmatched Entries**\n";
        foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
                print "   $line: $OtherList{$line} Time(s)\n";
        }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et