Logwatch présente l'avantage d'envoyer un rapport par mail journalier, évitant ainsi d'avoir à se palucher régulièrement le contenu de /var/log.
$ sudo apt-get install ssmtp |
$ sudo nano /etc/ssmtp/ssmtp.conf |
$ ssmtp email_destination |
$ sudo apt-get install logwatch |
$ nano /usr/share/logwatch/default.conf/logwatch.conf |
######################################################## # This was written and is maintained by: # Kirk Bauer# # Please send all comments, suggestions, bug reports, # etc, to kirk@kaybee.org. # ######################################################## # NOTE: # All these options are the defaults if you run logwatch with no # command-line arguments. You can override all of these on the # command-line. # You can put comments anywhere you want to. They are effective for the # rest of the line. # this is in the format of = . Whitespace at the beginning # and end of the lines is removed. Whitespace before and after the = sign # is removed. Everything is case *insensitive*. # Yes = True = On = 1 # No = False = Off = 0 # Default Log Directory # All log-files are assumed to be given relative to this directory. LogDir = /var/log # You can override the default temp directory (/tmp) here TmpDir = /var/cache/logwatch #Output/Format Options #By default Logwatch will print to stdout in text with no encoding. #To make email Default set Output = mail to save to file set Output = file Output = mail #To make Html the default formatting Format = html Format = text #To make Base64 [aka uuencode] Encode = base64 Encode = none # Default person to mail reports to. Can be a local account or a # complete email address. Variable Output should be set to mail, or # --output mail should be passed on command line to enable mail feature. MailTo = root # WHen using option --multiemail, it is possible to specify a different # email recipient per host processed. For example, to send the report # for hostname host1 to user@example.com, use: # Mailto_host1 = user@example.com # Multiple recipients can be specified by separating them with a space. # Default person to mail reports from. Can be a local account or a # complete email address. MailFrom = Logwatch # if set, the results will be saved in instead of mailed # or displayed. Be sure to set Output = file also. #Filename = /tmp/logwatch # Use archives? If set to 'Yes', the archives of logfiles # (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will # be searched in addition to the /var/log/messages file. # This usually will not do much if your range is set to just # 'Yesterday' or 'Today'... it is probably best used with # By default this is now set to Yes. To turn off Archives uncomment this. # Archives = No # Range = All # The default time range for the report... # The current choices are All, Today, Yesterday Range = yesterday # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = Low # The 'Service' option expects either the name of a filter # (in /usr/share/logwatch/scripts/services/*) or 'All'. # The default service(s) to report on. This should be left as All for # most people. Service = All # You can also disable certain services (when specifying all) Service = "-zz-network" # Prevents execution of zz-network service, which # prints useful network configuration info. Service = "-zz-sys" # Prevents execution of zz-sys service, which # prints useful system configuration info. Service = "-eximstats" # Prevents execution of eximstats service, which # is a wrapper for the eximstats program. # If you only cared about FTP messages, you could use these 2 lines # instead of the above: #Service = ftpd-messages # Processes ftpd messages in /var/log/messages #Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog # Maybe you only wanted reports on PAM messages, then you would use: #Service = pam_pwdb # PAM_pwdb messages - usually quite a bit #Service = pam # General PAM messages... usually not many # You can also choose to use the 'LogFile' option. This will cause # logwatch to only analyze that one logfile.. for example: #LogFile = messages # will process /var/log/messages. This will run all the filters that # process that logfile. This option is probably not too useful to # most people. Setting 'Service' to 'All' above analyzes all LogFiles # anyways... # # By default we assume that all Unix systems have sendmail or a sendmail-like MTA. # The mailer code prints a header with To: From: and Subject:. # At this point you can change the mailer to anything that can handle this output # stream. # TODO test variables in the mailer string to see if the To/From/Subject can be set # From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt mailer = "/usr/sbin/sendmail -t" # # With this option set to 'Yes', only log entries for this particular host # (as returned by 'hostname' command) will be processed. The hostname # can also be overridden on the commandline (with --hostname option). This # can allow a log host to process only its own logs, or Logwatch can be # run once per host included in the logfiles. # # The default is to report on all log entries, regardless of its source host. # Note that some logfiles do not include host information and will not be # influenced by this setting. # #HostLimit = Yes # vi: shiftwidth=3 tabstop=3
$ logwatch |
################### Logwatch 7.4.0 (05/02/12) #################### Processing Initiated: Wed Sep 5 06:26:02 2012 Date Range Processed: yesterday ( 2012-Sep-04 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: raspberrypi ################################################################## --------------------- Kernel Audit Begin ------------------------ ---------------------- Kernel Audit End ------------------------- --------------------- httpd Begin ------------------------ ---------------------- httpd End ------------------------- --------------------- pam_unix Begin ------------------------ ---------------------- pam_unix End ------------------------- --------------------- SSHD Begin ------------------------ ---------------------- SSHD End ------------------------- --------------------- Sudo (secure-log) Begin ------------------------ ---------------------- Sudo (secure-log) End ------------------------- --------------------- Disk Space Begin ------------------------ Filesystem Size Used Avail Use% Mounted on rootfs 7.3G 1.7G 5.3G 24% / /dev/root 7.3G 1.7G 5.3G 24% / /dev/mmcblk0p1 56M 36M 21M 64% /boot ---------------------- Disk Space End ------------------------- ###################### Logwatch End #########################
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=NomDuCompte@free.fr
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.free.fr
# Where will the mail seem to come from?
# rewriteDomain=
# The full hostname
hostname=raspberrypi
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
# FromLineOverride=YES
UseSTARTTLS=YES