Logwatch How To install on CentOS

Logwatch is the classic log-summary utility that emails a daily digest of activity from the Linux logs. On CentOS, the default logwatch install leaves most of its optional reports switched off. I’ll show you how to configure logwatch!

Install logwatch:

$ yum install logwatch

Next, change into the logwatch services directory:

$ cd /usr/share/logwatch/defaults.conf/services

Here, edit the following files, starting with the disk space report:

$ sudo nano zz-disk_space.conf

Uncomment the lines as shown:

#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"

#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1

Next, edit the following file:

$ nano http.conf

Set the following flag to 1 (it drops the well-known automated probe URLs from the error-response listing so genuine errors stand out):

# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 1

Next, you may want to change the address to which logwatch emails the report.

$ cd /usr/share/logwatch/defaults.conf/
$ nano logwatch.conf

Change MailTo to the desired address:

# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Print should be set to No to
# enable mail feature.
#MailTo = root
MailTo = linuxadmins@mycompany.com

It is common practice to forward root mail from all servers to a mailing list that every admin subscribes to.
Once complete, run logwatch manually at the command line with no options to test:

$ sudo logwatch

By default, logwatch runs from a daily cron job in /etc/cron.daily.
Below is an example of logwatch output:

################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Mar 11 06:25:04 2013
Date Range Processed: yesterday
( 2013-Mar-10 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: li166-66
##################################################################

--------------------- Denyhosts Begin ------------------------

new denied hosts:
198.101.155.224

---------------------- Denyhosts End -------------------------

--------------------- fail2ban-messages Begin ------------------------

Banned services with Fail2Ban: Bans:Unbans
ssh: [ 10:10 ]

---------------------- fail2ban-messages End -------------------------
--------------------- httpd Begin ------------------------

Requests with error response codes
403 Forbidden
/: 1 Time(s)
/2011/12/28/check-site-for-malware-with-google-safe-browsing: 1 Time(s)
/wp-content/gallery/centos6_netinstall/02_ ... _netinstall.png: 1 Time(s)
/wp-login.php: 3 Time(s)
404 Not Found
/2012/05/22/install-nmap-6-on-debian-or-ub ... /icon_smile.gif: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 00ad59cfbe0d0e6: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 0428a5432cddd7a: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 100bbfd2fb6f814: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 29e2974b4e7a6d9: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 46e8cf0ecfe2950: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 93ac2279ce4b930: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... 9588a7ccfccc633: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... a4920cc0865dfcb: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... a8bb27807d8787c: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... crumb-arrow.png: 1 Time(s)
/2012/05/22/install-nmap-6-on-debian-or-ub ... ee9627dfa9953af: 1 Time(s)
/admin/config.php: 1 Time(s)
/index.php?do=register: 1 Time(s)
/tag/button/feed/www.gimp.org: 1 Time(s)
http://37.28.156.211/sprawdza.php: 1 Time(s)
http://server5.cyberpods.net/azenv.php: 1 Time(s)
408 Request Timeout
null: 605 Time(s)
500 Internal Server Error
/wp-comments-post.php: 3 Time(s)
501 Not Implemented
null: 2 Time(s)

---------------------- httpd End -------------------------

--------------------- iptables firewall Begin ------------------------

Listed by source hosts:
Logged 610 packets on interface eth0
From 1.34.254.8 - 1 packet to tcp(23)
From 2.28.22.209 - 11 packets to tcp(443)
From 2.50.172.58 - 3 packets to tcp(3389)
From 5.34.242.184 - 3 packets to tcp(3128)
From 15.219.201.68 - 18 packets to tcp(80)
From 38.81.66.114 - 18 packets to tcp(4242)
From 41.137.24.82 - 3 packets to tcp(80)
From 42.96.156.107 - 2 packets to tcp(3389)
From 46.20.35.92 - 1 packet to udp(6060)
From 49.88.119.47 - 9 packets to tcp(3899,4899,4900)
From 59.165.88.171 - 1 packet to tcp(23)
From 60.191.170.125 - 2 packets to tcp(135)
From 60.218.122.219 - 1 packet to tcp(1433)
From 61.147.103.188 - 1 packet to tcp(1433)
From 61.155.106.212 - 1 packet to tcp(1433)
From 61.174.50.67 - 1 packet to tcp(135)
From 66.207.200.146 - 3 packets to tcp(1433,3306,8080)
From 69.155.10.189 - 1 packet to tcp(23)
From 69.172.200.161 - 8 packets to tcp(12623)
From 69.175.126.170 - 1 packet to udp(5353)
From 72.223.99.33 - 1 packet to udp(56423)
From 77.232.135.244 - 1 packet to tcp(5900)
From 78.43.232.88 - 22 packets to tcp(80)
From 78.69.210.213 - 31 packets to tcp(80)

---------------------- iptables firewall End -------------------------

--------------------- Postfix Begin ------------------------

6.561K Bytes accepted 6,718
6.561K Bytes sent via SMTP 6,718
======== ==================================================

6 Accepted 75.00%
2 Rejected 25.00%
-------- --------------------------------------------------
8 Total 100.00%
======== ==================================================

2 5xx Reject relay denied 100.00%
-------- --------------------------------------------------
2 Total 5xx Rejects 100.00%
======== ==================================================

3 4xx Reject unknown client host 100.00%
-------- --------------------------------------------------
3 Total 4xx Rejects 100.00%
======== ==================================================

9 Connections
6 Connections lost (inbound)
9 Disconnections
6 Removed from queue
6 Sent via SMTP

1 SMTP dialog errors
1 Hostname verification errors

---------------------- Postfix End -------------------------

--------------------- SSHD Begin ------------------------

Illegal users from:
198.101.155.224: 8 times

Refused incoming connections:
198.101.155.224 (198.101.155.224): 2 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for ip223.hichina.com [223.4.147.229] failed - POSSIBLE BREAK-IN ATTEMPT! : 25 time(s)

---------------------- SSHD End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on
/dev/xvda 47G 15G 32G 32% /
/dev 502M 112K 502M 1% /dev

------------- Directory Sizes ---------------

Size Location
(GB)
818M /var/log
1.4G /usr
------------- Directory Sizes ---------------

------------- Home Directory Sizes ---------------
Size Location
(MB)
3.9G /home/asdfas
------------- Home Directory Sizes ---------------

------------- Mail Directory Sizes ---------------
Size Location
(MB
176K /var/spool/mail/root
------------- Mail Directory Sizes ---------------
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
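The per-service layout above (each service between a "Begin" and "End" banner) makes the mailed report easy to post-process. The following is an added example, not part of the original post or of logwatch itself: it splits a report on those banners and lists the source hosts that several services reported at once (for instance a host that appears in both the iptables and SSHD sections). The sample report is constructed from RFC 5737 test addresses; a saved run of logwatch --output stdout would be the real input.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above (RFC 5737 test addresses,
# not real hosts); a saved `logwatch --output stdout` run would be the real input.
SAMPLE_REPORT = """\
--------------------- iptables firewall Begin ------------------------
From 203.0.113.10 - 9 packets to tcp(22)
From 198.51.100.7 - 3 packets to tcp(1433,3306)
From 192.0.2.77 - 2 packets to tcp(3389)
---------------------- iptables firewall End -------------------------
--------------------- SSHD Begin ------------------------
Illegal users from:
203.0.113.10: 8 times
Refused incoming connections:
198.51.100.7 (198.51.100.7): 2 Time(s)
---------------------- SSHD End -------------------------
"""

BANNER_RE = re.compile(r"^-+ (?P<name>.+?) (?P<edge>Begin|End) -+$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def split_sections(report):
    """Return {section name: [non-empty lines]} using the Begin/End banners."""
    sections, current = defaultdict(list), None
    for raw in report.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            current = banner["name"] if banner["edge"] == "Begin" else None
        elif current and line:
            sections[current].append(line)
    return dict(sections)


def hosts_by_section(report):
    """Map every IPv4 address in the report to the set of sections naming it."""
    seen = defaultdict(set)
    for name, lines in split_sections(report).items():
        for line in lines:
            for ip in IPV4_RE.findall(line):
                seen[ip].add(name)
    return dict(seen)


def triage(report, min_sections=2):
    """Hosts named by at least `min_sections` services, most widely reported first."""
    hits = [(ip, sorted(s)) for ip, s in hosts_by_section(report).items()
            if len(s) >= min_sections]
    return sorted(hits, key=lambda item: (-len(item[1]), item[0]))
```

Hosts that only trip one service (here 192.0.2.77) are kept out of the default triage list; pass min_sections=1 to see every reported address.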
