Koozali.org formerly Contribs.org

logwatch

IceDizzy

logwatch
« on: February 15, 2006, 05:10:15 AM »
I realy miss logwatch.
How to in sme 7?
Something to include?
Anyone?

Re: logwatch
« Reply #1 on: February 15, 2006, 05:22:45 AM »
Quote from: "IceDizzy"
I realy miss logwatch.
How to in sme 7?

yum --enablerepo=base  --enablerepo=updates install logwatch

Note that logwatch is very noisy, which is why we didn't include it by default. You need to understand the output.
............

IceDizzy

Thanks again
« Reply #2 on: February 15, 2006, 05:28:13 AM »
Realy like SME concept and forum support.
I know that logwatch talks a lot but it is mostly sence.

Thanks again.
/Ice

Re: Thanks again
« Reply #3 on: February 16, 2006, 04:15:14 PM »
Quote from: "IceDizzy"
Realy like SME concept and forum support.
I know that logwatch talks a lot but it is mostly sence.


Not being farmilar with logwatch and their site wasn't much help with the doc's link not working, my question is when you say "talks a lot" does Logwatch
use the sound system to accomplish that?

Re: Thanks again
« Reply #4 on: February 17, 2006, 12:13:53 AM »
Quote from: "electroman00"
[
Not being farmilar with logwatch and their site wasn't much help with the doc's link not working, my question is when you say "talks a lot" does Logwatch
use the sound system to accomplish that?

No. It generates a nightly mail which summarises interesting log entries. However, if you don't know what the summaries mean, they can be alarming.

Our philosophy has always been that admin should only be notified when things go wrong - nightly reports of things going right, or containing lots of warnings, just get ignored - the "Boy who cried wolf" problem.

For example in SME7 we don't send a nightly mail that your RAID system is working, but we do send one when it goes bad, and as it transitions to working once more. Once it is no longer degraded, we stop sending mails. We tamed rkhunter as well, for the same reason - if it says something, you should care.

I'd like to see logwatch included, but it should say nothing at all most nights on a typical system. I'm sure we can come up with a nice set of rules for logwatch to tame them. IceDizzy - would you like to look at this?
............

logwatch
« Reply #5 on: February 17, 2006, 03:50:22 PM »
gordonr

Thanks for you input, however I should have waited for a response before
I embarked on installation of logwatch.

Seems it has a desire to fill my inbox with 50+ wonderfull blank emails.

Will wait and see if it calms down a bit before I hammer it.

It's on a dev system so no big deal.

Thanks again

IceDizzy

Logwatch
« Reply #6 on: February 22, 2006, 05:57:28 PM »
Just popped in:
I'll see what i can come up with. I'm in Stockholm at the moment but i'll give you an example of config when i'm back home approx. 1-2weeks
/Ice

IceDizzy

Original config works just fine.
« Reply #7 on: February 27, 2006, 06:08:13 AM »
I've tested it for a while an it writes ( talks ) as much you'll need.
It is not so hard to add or decrease the level and entries.
Attaching the file if you lost it according to your blank lines.

at Gotland heading Ă–stersund

/Ice


===================== the config==========================

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /tmp

# Default person to mail reports to.  Can be a local account or a
# complete email address.
MailTo = root

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
Print = No

# Leave this to 'Yes' if you have the mktemp program and it supports
# the '-d' option.  Some older version of mktemp on pre-RH7.X did not
# support this option, so set this to no in that case and Logwatch will
# use internal temp directory creation that is (hopefully) just as secure
UseMkTemp = Yes

#
#   Some systems have mktemp in a different place
#
MkTemp = /bin/mktemp

# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch

# Use archives?  If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# Archives = Yes
# Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low


# The 'Service' option expects either the name of a filter
# (in /etc/log.d/scripts/services/*) or 'All'.
# The default service(s) to report on.  This should be left as All for
# most people.  
Service = All
# You can also disable certain services (when specifying all)
#Service = -zz-fortune
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb     # PAM_pwdb messages - usually quite a bit
#Service = pam          # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option.  This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages.  This will run all the filters that
# process that logfile.  This option is probably not too useful to
# most people.  Setting 'Service' to 'All' above analyizes all LogFiles
# anyways...

#
# some systems have different locations for mailers
#
mailer = /bin/mail

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed.  The hostname
# can also be overridden on the commandline (with --hostname option).  This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes