Logwatch

This is a perl script that scans logfiles and auto-generates reports. It sends them to you via email (plain txt or html).

Logfiles Watched
afpd denyhosts ftpd-xferlog netscreen pureftpd sendmail-largeboxes vsftpd amavis dhcpd http oidentd qmail shaperd windows arpwatch dnssec identd openvpn qmail-pop3d slon xntpd audit dovecot imapd pam qmail-pop3ds smartd yum automount dpkg init pam_pwdb qmail-send sonicwall zz-disk_space autorpm emerge in.qpopper pam_unix qmail-smtpd spamassassin zz-fortune barracuda evtapplication ipop3d php raid sshd zz-network bfd evtsecurity iptables pix resolver sshd2 zz-runtime cisco evtsystem kernel pluto rt314 stunnel zz-sys clamav exim mailscanner pop3 samba sudo clamav-milter eximstats modprobe portsentry saslauthd syslogd clam-update extreme-networks mountd postfix scsi tac_acc courier fail2ban named pound secure up2date cron ftpd-messages netopia proftpd-messages sendmail vpopmail

Install
First, you will need an smtp mailer. You might have a look at the sSmtp program

Ubuntu 10.04
sudo su apt-get install logwatch build-essential libyaml-perl perl -MCPAN -e 'install Sys::CPU' perl -MCPAN -e 'install Sys::MemInfo'

Configure
vim /usr/share/logwatch/default.conf/logwatch.conf

change: Output = mail Format = html MailTo = root Range = all # prints useful network configuration info. # prints useful system configuration info. Service = "-eximstats"     # Prevents execution of eximstats service, which # is a wrapper for the eximstats program.
 * 1) Service = "-zz-network"    # Prevents execution of zz-network service, which
 * 1) Service = "-zz-sys"        # Prevents execution of zz-sys service, which
 * 1) Maybe Detail = High?

Example Output
Here's an example from a voip server

TBD
We need filters for FusionPBX logfiles, and FreeSWITCH logfiles.

Testing
logwatch --print > /tmp/logtest