
Logwatch: how to install on CentOS

Logwatch is the classic log-summary utility that emails a daily digest of activity from Linux logs. On CentOS, the default install of logwatch has few of its optional reports enabled. I'll show you how to configure logwatch!

Install logwatch:

$ yum install logwatch

Next, navigate to the logwatch services directory which is located as follows:

$ cd /usr/share/logwatch/defaults.conf/services

Here, edit the following file:

$ sudo nano zz-disk_space.conf

Uncomment the lines as shown:

#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"

#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1

Next, edit the following file:

$ nano http.conf

Set the following to 1:

# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 1

Next, you may want to change the email address to which logwatch sends the report.

$ cd /usr/share/logwatch/defaults.conf/
$ nano logwatch.conf

Change MailTo to the desired email address:

# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Print should be set to No to
# enable mail feature.
#MailTo = root
MailTo = [email protected]

It is common practice to send root mail from all servers to a mailing list that all admins subscribe to.
Once complete, you may run logwatch manually at the command line with no options to test:

$ sudo logwatch
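The three hand edits above (zz-disk_space.conf, http.conf and the MailTo line in logwatch.conf) are easy to get wrong on a second server, so here is an added example, not code from the original post, that applies them with a small idempotent shell helper and verifies the result. It runs entirely on constructed copies of the files in a temp directory; the real directory is an assumption you pass in yourself. On CentOS the same settings placed under /etc/logwatch/conf (logwatch.conf and services/*.conf there) override the shipped defaults and survive a package upgrade, whereas edits under /usr/share/logwatch are overwritten when the package is updated.

```shell
#!/bin/sh
# Added example (not from the original post). Applies the post's logwatch
# settings with an idempotent helper and checks them. Runs on CONSTRUCTED
# copies of the config files; real paths are assumptions passed to lw_apply_all.
set -eu

# Turn a logwatch variable name ("$show_disk_usage" or "MailTo") into a
# BRE fragment: a leading "$" must be escaped or sed/grep treat it as an anchor.
lw_pat() {
    printf '%s' "$1" | sed 's/[$]/\\$/g'
}

# lw_set FILE NAME VALUE: make "NAME = VALUE" the active setting in FILE.
# A commented "#NAME = ..." line is uncommented and rewritten, an active
# line is rewritten in place, and a missing setting is appended.
# Re-running it changes nothing, so it is safe from cron or config management.
lw_set() {
    file=$1 name=$2 value=$3
    pat=$(lw_pat "$name")
    if [ -f "$file" ] && grep -q "^#*[[:space:]]*${pat}[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed "s|^#*[[:space:]]*${pat}[[:space:]]*=.*|${name} = ${value}|" "$file" > "$tmp"
        mv "$tmp" "$file"
    else
        printf '%s = %s\n' "$name" "$value" >> "$file"
    fi
}

# lw_get FILE NAME: print the active (uncommented) value; last one wins.
lw_get() {
    pat=$(lw_pat "$2")
    sed -n "s|^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*||p" "$1" | tail -n 1
}

# lw_active_count FILE NAME: number of active lines for NAME (expect 1).
lw_active_count() {
    pat=$(lw_pat "$2")
    grep -c "^[[:space:]]*${pat}[[:space:]]*=" "$1" || true
}

# lw_apply_all DIR MAILTO: the post's edits against DIR/logwatch.conf and
# DIR/services/. DIR is your choice: /etc/logwatch/conf for overrides, or the
# defaults directory the post edits directly.
lw_apply_all() {
    dir=$1
    mkdir -p "$dir/services"
    lw_set "$dir/services/zz-disk_space.conf" '$show_home_dir_sizes' 1
    lw_set "$dir/services/zz-disk_space.conf" '$home_dir' '"/home"'
    lw_set "$dir/services/zz-disk_space.conf" '$show_mail_dir_sizes' 1
    lw_set "$dir/services/zz-disk_space.conf" '$mail_dir' '"/var/spool/mail"'
    lw_set "$dir/services/zz-disk_space.conf" '$show_disk_usage' 1
    lw_set "$dir/services/http.conf" '$HTTP_IGNORE_ERROR_HACKS' 1
    lw_set "$dir/logwatch.conf" MailTo "$2"
}

# --- Demo on CONSTRUCTED copies trimmed to the lines the post touches, so
# this runs anywhere without logwatch installed. ---
demo=$(mktemp -d)
mkdir -p "$demo/services"
cat > "$demo/services/zz-disk_space.conf" <<'EOF'
#New disk report options
#Uncomment this to show the home directory sizes
#$show_home_dir_sizes = 1
#$home_dir = "/home"

#Uncomment this to show the mail spool size
#$show_mail_dir_sizes = 1
#$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
#$show_disk_usage = 1
EOF
cat > "$demo/services/http.conf" <<'EOF'
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 0
EOF
cat > "$demo/logwatch.conf" <<'EOF'
# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Print should be set to No to
# enable mail feature.
#MailTo = root
EOF

lw_apply_all "$demo" admins@example.com   # constructed address
lw_apply_all "$demo" admins@example.com   # second run must be a no-op
echo "MailTo is now: $(lw_get "$demo/logwatch.conf" MailTo)"
```

Point lw_apply_all at the real directory as root once you are happy with the dry run. To render the report on the terminal rather than mailing it, `sudo logwatch --output stdout` is a useful check before trusting the cron job.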

Logwatch by default runs with daily cron jobs in /etc/cron.daily.
Below is an example logwatch output:

################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Mar 11 06:25:04 2013
Date Range Processed: yesterday
( 2013-Mar-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: li166-66
##################################################################

--------------------- Denyhosts Begin ------------------------

new denied hosts:
198.101.155.224

---------------------- Denyhosts End -------------------------

--------------------- fail2ban-messages Begin ------------------------

Banned services with Fail2Ban: Bans:Unbans
ssh: [ 10:10 ]

---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------

Requests with error response codes
403 Forbidden
/: 1 Time(s)
/2011/12/28/check-site-for-malware-with-google-safe-browsing: 1 Time(s)
/wp-content/gallery/centos6_netinstall/02_ ... _netinstall.png: 1 Time(s)
/wp-login.php: 3 Time(s)
404 Not Found
/2012/05/22/install-nmap-6-on-debian-or-ub ... /icon_smile.gif: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 00ad59cfbe0d0e6: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 0428a5432cddd7a: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 100bbfd2fb6f814: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 29e2974b4e7a6d9: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 46e8cf0ecfe2950: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 93ac2279ce4b930: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 9588a7ccfccc633: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... a4920cc0865dfcb: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... a8bb27807d8787c: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... crumb-arrow.png: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... ee9627dfa9953af: 1 Time(s)
/admin/config.php: 1 Time(s)
/index.php?do=register: 1 Time(s)
/tag/button/feed/www.gimp.org: 1 Time(s)
http://37.28.156.211/sprawdza.php: 1 Time(s)
http://server5.cyberpods.net/azenv.php: 1 Time(s)
408 Request Timeout
null: 605 Time(s)
500 Internal Server Error
/wp-comments-post.php: 3 Time(s)
501 Not Implemented
null: 2 Time(s)

---------------------- httpd End -------------------------

--------------------- iptables firewall Begin ------------------------

Listed by source hosts:
Logged 610 packets on interface eth0
From 1.34.254.8 - 1 packet to tcp(23)
From 2.28.22.209 - 11 packets to tcp(443)
From 2.50.172.58 - 3 packets to tcp(3389)
From 5.34.242.184 - 3 packets to tcp(3128)
From 15.219.201.68 - 18 packets to tcp(80)
From 38.81.66.114 - 18 packets to tcp(4242)
From 41.137.24.82 - 3 packets to tcp(80)
From 42.96.156.107 - 2 packets to tcp(3389)
From 46.20.35.92 - 1 packet to udp(6060)
From 49.88.119.47 - 9 packets to tcp(3899,4899,4900)
From 59.165.88.171 - 1 packet to tcp(23)
From 60.191.170.125 - 2 packets to tcp(135)
From 60.218.122.219 - 1 packet to tcp(1433)
From 61.147.103.188 - 1 packet to tcp(1433)
From 61.155.106.212 - 1 packet to tcp(1433)
From 61.174.50.67 - 1 packet to tcp(135)
From 66.207.200.146 - 3 packets to tcp(1433,3306,8080)
From 69.155.10.189 - 1 packet to tcp(23)
From 69.172.200.161 - 8 packets to tcp(12623)
From 69.175.126.170 - 1 packet to udp(5353)
From 72.223.99.33 - 1 packet to udp(56423)
From 77.232.135.244 - 1 packet to tcp(5900)
From 78.43.232.88 - 22 packets to tcp(80)
From 78.69.210.213 - 31 packets to tcp(80)

---------------------- iptables firewall End -------------------------

--------------------- Postfix Begin ------------------------

6.561K Bytes accepted 6,718
6.561K Bytes sent via SMTP 6,718
======== ==================================================

6 Accepted 75.00%
2 Rejected 25.00%
-------- --------------------------------------------------
8 Total 100.00%
======== ==================================================

2 5xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 5xx Rejects 100.00%
======== ==================================================

3 4xx Reject unknown client host 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================

9 Connections
6 Connections lost (inbound)
9 Disconnections
6 Removed from queue
6 Sent via SMTP

1 SMTP dialog errors
1 Hostname verification errors

---------------------- Postfix End -------------------------

--------------------- SSHD Begin ------------------------

Illegal users from:
198.101.155.224: 8 times

Refused incoming connections:
198.101.155.224 (198.101.155.224): 2 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for ip223.hichina.com [223.4.147.229] failed - POSSIBLE BREAK-IN ATTEMPT! : 25 time(s)

---------------------- SSHD End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on
/dev/xvda 47G 15G 32G 32% /
/dev 502M 112K 502M 1% /dev

------------- Directory Sizes ---------------

Size Location
(GB)
818M /var/log
1.4G /usr
------------- Directory Sizes ---------------

------------- Home Directory Sizes ---------------
Size Location
(MB)
3.9G /home/asdfas
------------- Home Directory Sizes ---------------

------------- Mail Directory Sizes ---------------
Size Location
(MB
176K /var/spool/mail/root
------------- Mail Directory Sizes ---------------
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
