
Installing logwatch with ssmtp

Logwatch has the advantage of sending a daily report by e-mail, which saves you from having to trawl through the contents of /var/log on a regular basis.

The logwatch package carries a dependency that automatically installs postfix. Personally, I prefer to install ssmtp, which makes it possible to get around a restriction on port 25! Because of this dependency, we have to install ssmtp before logwatch!

Installing ssmtp and configuring it with a gmail account.

$ sudo apt-get install ssmtp

to start the installation, then

$ sudo nano /etc/ssmtp/ssmtp.conf

which lets us edit this file and fill in a few details.

#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=NomDuCompte@free.fr

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.free.fr

# Where will the mail seem to come from?
# rewriteDomain=

# The full hostname
hostname=raspberrypi

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
# FromLineOverride=YES
UseSTARTTLS=YES


We also edit the file /etc/ssmtp/revaliases

# sSMTP aliases
#
# Format: local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.

root:NomDuCompte@free.fr:smtp.free.fr

then we test

$ ssmtp email_destination

Press [CTRL + D] to confirm your message!
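An added example, not part of the original post: a small shell check that reads an ssmtp.conf and reports the mail hub, the port it will use (25 when mailhub carries no :port, the same default the revaliases comment mentions) and whether TLS is enabled. The function names are mine; UseTLS and AuthPass are ssmtp options that do not appear in the file above and are assumed here only so the check covers them.

```shell
# Added example (not from the original post): read an ssmtp.conf and report
# which host/port and transport protection it will actually use.

# ssmtp_get FILE KEY: print the last uncommented value of KEY (any case).
ssmtp_get() {
    awk -F= -v want="$2" '
        /^[ \t]*#/ { next }
        NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == tolower(want)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = val
            }
        }
        END { print found }' "$1"
}

# ssmtp_audit FILE: print "host=... port=... tls=... creds=...".
ssmtp_audit() {
    conf=$1
    hub=$(ssmtp_get "$conf" mailhub)
    host=${hub%%:*}
    case $hub in
        *:*) port=${hub##*:} ;;
        *)   port=25 ;;           # no :port given, so the default applies
    esac
    tls=none
    [ "$(ssmtp_get "$conf" UseTLS | tr '[:lower:]' '[:upper:]')" = YES ] && tls=tls
    [ "$(ssmtp_get "$conf" UseSTARTTLS | tr '[:lower:]' '[:upper:]')" = YES ] && tls=starttls
    creds=no
    [ -n "$(ssmtp_get "$conf" AuthPass)" ] && creds=yes
    # A stored password in a world-readable file is the thing to catch.
    [ "$creds" = yes ] && [ -n "$(find "$conf" -perm -004)" ] && creds=world-readable
    echo "host=$host port=$port tls=$tls creds=$creds"
}

# Demo on a constructed file that mirrors the two settings shown above.
demo=$(mktemp)
printf 'mailhub=smtp.free.fr\nUseSTARTTLS=YES\n' > "$demo"
ssmtp_audit "$demo"
rm -f "$demo"
```

On the real system it would be run as `ssmtp_audit /etc/ssmtp/ssmtp.conf`.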

Installing logwatch

We can now see that postfix is no longer offered as a dependency at installation time.

$ sudo apt-get install logwatch

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libdate-manip-perl libyaml-syck-perl
Suggested packages:
fortune-mod
The following NEW packages will be installed:
libdate-manip-perl libyaml-syck-perl logwatch
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,837 kB of archives.
After this operation, 17.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y

A little configuration is needed

$ nano /usr/share/logwatch/default.conf/logwatch.conf

With the following settings in place

########################################################
# This was written and is maintained by:
#    Kirk Bauer 
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /var/cache/logwatch

#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
Output = mail

#To make Html the default formatting Format = html
Format = text
#To make Base64 [aka uuencode] Encode = base64
Encode = none

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = root

# When using option --multiemail, it is possible to specify a different
# email recipient per host processed.  For example, to send the report
# for hostname host1 to user@example.com, use:
# Mailto_host1 = user@example.com
# Multiple recipients can be specified by separating them with a space.

# Default person to mail reports from.  Can be a local account or a
# complete email address.
MailFrom = Logwatch

# if set, the results will be saved in <filename> instead of mailed
# or displayed. Be sure to set Output = file also.
#Filename = /tmp/logwatch

# Use archives?  If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# By default this is now set to Yes. To turn off Archives uncomment this.
# Archives = No
# Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low

# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
# The default service(s) to report on.  This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
#Service = pam             # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option.  This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages.  This will run all the filters that
# process that logfile.  This option is probably not too useful to
# most people.  Setting 'Service' to 'All' above analyzes all LogFiles
# anyways...

#
# By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
# The mailer code prints a header with To: From: and Subject:.
# At this point you can change the mailer to anything that can handle this output
# stream.
# TODO test variables in the mailer string to see if the To/From/Subject can be set
# From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
mailer = "/usr/sbin/sendmail -t"

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed.  The hostname
# can also be overridden on the commandline (with --hostname option).  This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes

# vi: shiftwidth=3 tabstop=3

We check that everything is OK by requesting that the report be sent

$ logwatch

A report of this form should arrive in your mailbox!

	################### Logwatch 7.4.0 (05/02/12) ####################
	Processing Initiated: Wed Sep  5 06:26:02 2012
	Date Range Processed: yesterday
	( 2012-Sep-04 )
	Period is day.
	Detail Level of Output: 0
	Type of Output/Format: mail / text
	Logfiles for Host: raspberrypi
	##################################################################

	--------------------- Kernel Audit Begin ------------------------
	---------------------- Kernel Audit End -------------------------

	--------------------- httpd Begin ------------------------
	---------------------- httpd End -------------------------

	--------------------- pam_unix Begin ------------------------
	---------------------- pam_unix End -------------------------

	--------------------- SSHD Begin ------------------------
	---------------------- SSHD End -------------------------

	--------------------- Sudo (secure-log) Begin ------------------------
	---------------------- Sudo (secure-log) End -------------------------

	--------------------- Disk Space Begin ------------------------

	Filesystem      Size  Used Avail Use% Mounted on
	rootfs          7.3G  1.7G  5.3G  24% /
	/dev/root       7.3G  1.7G  5.3G  24% /
	/dev/mmcblk0p1   56M   36M   21M  64% /boot

	---------------------- Disk Space End -------------------------

	###################### Logwatch End #########################
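An added example, not part of the original post: two shell functions that triage a Logwatch text report of the form shown above, listing the sections that actually contain something and the mount points above a usage threshold. The function names and the sample report are constructed for illustration; the SSHD body line is a placeholder, not real Logwatch output.

```shell
# Added example (not from the original post): triage a Logwatch text report.
# Constructed sample in the layout of the report above; the SSHD body line
# is a placeholder, not real Logwatch output.
sample_report() {
    cat <<'EOF'
--------------------- SSHD Begin ------------------------
constructed body line
---------------------- SSHD End -------------------------
--------------------- pam_unix Begin ------------------------

---------------------- pam_unix End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       7.3G  1.7G  5.3G  24% /
/dev/mmcblk0p1   56M   36M   21M  64% /boot
---------------------- Disk Space End -------------------------
EOF
}

# logwatch_nonempty: read a report on stdin, print each section name that
# has at least one non-blank line between its Begin and End markers.
logwatch_nonempty() {
    awk '
        /^[ \t]*-+ .* Begin -+[ \t]*$/ {
            name = $0
            sub(/^[ \t]*-+ /, "", name); sub(/ Begin -+[ \t]*$/, "", name)
            body = 0; insec = 1; next
        }
        /^[ \t]*-+ .* End -+[ \t]*$/ {
            if (insec && body > 0) print name
            insec = 0; next
        }
        insec && /[^ \t]/ { body++ }'
}

# logwatch_disk_over LIMIT: print mount points whose Use% is >= LIMIT.
logwatch_disk_over() {
    awk -v limit="$1" '
        / Disk Space Begin / { indisk = 1; next }
        / Disk Space End /   { indisk = 0 }
        indisk && $5 ~ /^[0-9]+%$/ {
            pct = $5; sub(/%/, "", pct)
            if (pct + 0 >= limit + 0) print $NF
        }'
}

sample_report | logwatch_nonempty
sample_report | logwatch_disk_over 60
```

Both functions read the report on standard input, so `logwatch --output stdout | logwatch_nonempty` is the natural way to feed them.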