Logwatch
This is a Perl script that scans logfiles and auto-generates reports. It sends them to you via email (plain text or HTML).
Logfiles Watched
afpd           denyhosts         ftpd-xferlog   netscreen         pureftpd      sendmail-largeboxes  vsftpd
amavis         dhcpd             http           oidentd           qmail         shaperd              windows
arpwatch       dnssec            identd         openvpn           qmail-pop3d   slon                 xntpd
audit          dovecot           imapd          pam               qmail-pop3ds  smartd               yum
automount      dpkg              init           pam_pwdb          qmail-send    sonicwall            zz-disk_space
autorpm        emerge            in.qpopper     pam_unix          qmail-smtpd   spamassassin         zz-fortune
barracuda      evtapplication    ipop3d         php               raid          sshd                 zz-network
bfd            evtsecurity       iptables       pix               resolver      sshd2                zz-runtime
cisco          evtsystem         kernel         pluto             rt314         stunnel              zz-sys
clamav         exim              mailscanner    pop3              samba         sudo
clamav-milter  eximstats         modprobe       portsentry        saslauthd     syslogd
clam-update    extreme-networks  mountd         postfix           scsi          tac_acc
courier        fail2ban          named          pound             secure        up2date
cron           ftpd-messages     netopia        proftpd-messages  sendmail      vpopmail
Install
First, you will need an SMTP mailer. You might have a look at the sSmtp program.
Ubuntu 10.04
sudo su
apt-get install logwatch build-essential libyaml-perl
perl -MCPAN -e 'install Sys::CPU'
perl -MCPAN -e 'install Sys::MemInfo'
Configure
vim /usr/share/logwatch/default.conf/logwatch.conf
change:
Output = mail
Format = html
MailTo = root
Range = all
#Service = "-zz-network"  # Prevents execution of zz-network service, which
                          # prints useful network configuration info.
#Service = "-zz-sys"      # Prevents execution of zz-sys service, which
                          # prints useful system configuration info.
Service = "-eximstats"    # Prevents execution of eximstats service, which
                          # is a wrapper for the eximstats program.
#Maybe Detail = High?
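An added example, not part of the original page: a shell helper that applies the settings from the Configure section to Logwatch's local override file instead of the packaged default under /usr/share, which a package upgrade can overwrite. The path in CONF and the function names are assumptions, and the directory /etc/logwatch/conf is expected to exist already.

```shell
#!/bin/sh
# Added example (not from the original page). CONF is an assumed override path.
CONF=${CONF:-/etc/logwatch/conf/logwatch.conf}

# set_opt FILE KEY VALUE: drop any active "KEY = ..." line, then append the new one.
set_opt() {
    f=$1 key=$2 val=$3
    tmp=$(mktemp) || return 1
    # Keep comments, lines without "=", and every line whose key (the text
    # before "=", whitespace removed, compared case-insensitively) is not KEY.
    awk -v k="$key" '
        /^[ \t]*#/ || !/=/ { print; next }
        { n = $0; sub(/=.*/, "", n); gsub(/[ \t]/, "", n)
          if (tolower(n) != tolower(k)) print }
    ' "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$key" "$val" >> "$tmp"
    cat "$tmp" > "$f"    # overwrite in place so the file keeps its owner and mode
    rm -f "$tmp"
}

# add_service FILE NAME: Service may appear several times, so append only if missing.
add_service() {
    grep -Fqx -e "Service = \"$2\"" "$1" || printf 'Service = "%s"\n' "$2" >> "$1"
}

# apply_page_settings FILE: the values from the Configure section of this page.
# Safe to run repeatedly; existing comments and unrelated keys are preserved.
apply_page_settings() {
    [ -f "$1" ] || : > "$1"
    set_opt "$1" Output mail &&
    set_opt "$1" Format html &&
    set_opt "$1" MailTo root &&
    set_opt "$1" Range all &&
    add_service "$1" "-eximstats"
}

# Usage (as root): apply_page_settings "$CONF"
```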
Example Output
Here's an example from a VoIP server:
TBD
We need filters for FusionPBX logfiles, and FreeSWITCH logfiles.
Testing
logwatch --print > /tmp/logtest