Logwatch is the classic log file email utility that emails a daily status of activity from Linux logs. On CentOS, the default install of logwatch does not have many fancy features enabled. I’ll show you how to configure logwatch!
First, install logwatch:
$ sudo yum install logwatch
Next, open the disk space service file in the logwatch services directory:
$ sudo vim /usr/share/logwatch/default.conf/services/zz-disk_space.conf
Uncomment the lines as shown:
#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"

#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1
Next, edit http.conf in the same services directory:
$ sudo vim /usr/share/logwatch/default.conf/services/http.conf
Set the following to 1:
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 1
Next, you may want to change the email address that logwatch sends the report to.
$ sudo vim /usr/share/logwatch/default.conf/logwatch.conf
Change MailTo = to an email address as desired:
# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Print should be set to No to
# enable mail feature.
#MailTo = root
MailTo = linuxadmins@mycompany.com
Also, adding the line
output = "html"
to /etc/logwatch/conf/logwatch.conf changes the report into easy-to-read HTML output.
It is common practice to send root mail from all servers to a mailing list that all admins subscribe to.
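The settings above can also be kept in override files rather than in the packaged defaults. The following is an added example, not part of the original post; it assumes logwatch's usual lookup order, in which /etc/logwatch/conf is read after /usr/share/logwatch/default.conf, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the settings above in override files under
# /etc/logwatch/conf (assumed to be read after the packaged defaults).

# set_key FILE KEY VALUE: drop any existing "KEY = ..." line, then append
# the new assignment, so repeated runs leave exactly one line per key.
set_key() {
    file=$1 key=$2 value=$3
    mkdir -p "$(dirname "$file")" && touch "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v k="$key" -F= '{ n = $1; gsub(/[ \t]/, "", n) } n != k' "$file" > "$tmp"
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"      # keeps the target file's owner and mode
    rm -f "$tmp"
}

# apply_logwatch_overrides ROOT MAILTO
# ROOT is "" on a real host (run as root) or a scratch directory for a dry run.
apply_logwatch_overrides() {
    conf="$1/etc/logwatch/conf"
    set_key "$conf/logwatch.conf" MailTo "$2"
    set_key "$conf/logwatch.conf" output '"html"'
    disk="$conf/services/zz-disk_space.conf"
    set_key "$disk" '$show_home_dir_sizes' 1
    set_key "$disk" '$home_dir' '"/home"'
    set_key "$disk" '$show_mail_dir_sizes' 1
    set_key "$disk" '$mail_dir' '"/var/spool/mail"'
    set_key "$disk" '$show_disk_usage' 1
    set_key "$conf/services/http.conf" '$HTTP_IGNORE_ERROR_HACKS' 1
}

# Dry run: apply_logwatch_overrides /tmp/lw-test linuxadmins@mycompany.com
```

Files under /usr/share/logwatch belong to the package, so edits made there can be replaced when logwatch is updated; the override files are not.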
Once complete, you may run logwatch manually at the command line with no options to test:
$ sudo logwatch
By default, logwatch runs once a day from a cron job in /etc/cron.daily.
Running Logwatch Manually
You can also run Logwatch manually from the command line whenever you need to.
Here are the available options [from the documentation]:
logwatch [--detail level] [--logfile log-file-group] [--service service-name] [--print]
         [--mailto address] [--archives] [--range range] [--debug level] [--save file-name]
         [--logdir directory] [--hostname hostname] [--splithosts] [--multiemail]
         [--output output-type] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
Any option you do not specify on the command line is read from the configuration file.
Example:
$ logwatch --detail Low --mailto email@address --service http --range today
Below is an example logwatch output:
################### Logwatch 7.3.6 (05/19/07) ####################
       Processing Initiated: Mon Mar 11 06:25:04 2013
       Date Range Processed: yesterday
                             ( 2013-Mar-10 )
                             Period is day.
     Detail Level of Output: 0
             Type of Output/Format: mail / text
          Logfiles for Host: li166-66
##################################################################

--------------------- Denyhosts Begin ------------------------

new denied hosts:
   198.101.155.224

---------------------- Denyhosts End -------------------------

--------------------- fail2ban-messages Begin ------------------------

Banned services with Fail2Ban:                 Bans:Unbans
   ssh:                                        [ 10:10 ]

---------------------- fail2ban-messages End -------------------------

--------------------- httpd Begin ------------------------

Requests with error response codes
   403 Forbidden
      /: 1 Time(s)
      /2011/12/28/check-site-for-malware-with-google-safe-browsing: 1 Time(s)
      /wp-content/gallery/centos6_netinstall/02_ ... _netinstall.png: 1 Time(s)
      /wp-login.php: 3 Time(s)
   404 Not Found
      /2012/05/22/install-nmap-6-on-debian-or-ub ... /icon_smile.gif: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 00ad59cfbe0d0e6: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 0428a5432cddd7a: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 100bbfd2fb6f814: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 29e2974b4e7a6d9: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 46e8cf0ecfe2950: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 93ac2279ce4b930: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... 9588a7ccfccc633: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... a4920cc0865dfcb: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... a8bb27807d8787c: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... crumb-arrow.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... ee9627dfa9953af: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... f2df84c37e4600c: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... linux/pixel.gif: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... n_donate_lg.gif: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... nux/default.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... nux/magnify.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... nux/twitter.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... ux/facebook.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ub ... x/nmap_logo.png: 1 Time(s)
      /2012/05/22/install-nmap-6-on-debian-or-ubuntu-linux/rss.png: 1 Time(s)
      /admin/config.php: 1 Time(s)
      /index.php?do=register: 1 Time(s)
      /tag/button/feed/www.gimp.org: 1 Time(s)
      http://37.28.156.211/sprawdza.php: 1 Time(s)
      http://server5.cyberpods.net/azenv.php: 1 Time(s)
   408 Request Timeout
      null: 605 Time(s)
   500 Internal Server Error
      /wp-comments-post.php: 3 Time(s)
   501 Not Implemented
      null: 2 Time(s)

---------------------- httpd End -------------------------

--------------------- iptables firewall Begin ------------------------

Listed by source hosts:
Logged 610 packets on interface eth0
   From 1.34.254.8 - 1 packet to tcp(23)
   From 2.28.22.209 - 11 packets to tcp(443)
   From 2.50.172.58 - 3 packets to tcp(3389)
   From 5.34.242.184 - 3 packets to tcp(3128)
   From 15.219.201.68 - 18 packets to tcp(80)
   From 38.81.66.114 - 18 packets to tcp(4242)
   From 41.137.24.82 - 3 packets to tcp(80)
   From 42.96.156.107 - 2 packets to tcp(3389)
   From 46.20.35.92 - 1 packet to udp(6060)
   From 49.88.119.47 - 9 packets to tcp(3899,4899,4900)
   From 59.165.88.171 - 1 packet to tcp(23)
   From 60.191.170.125 - 2 packets to tcp(135)
   From 60.218.122.219 - 1 packet to tcp(1433)
   From 61.147.103.188 - 1 packet to tcp(1433)
   From 61.155.106.212 - 1 packet to tcp(1433)
   From 61.174.50.67 - 1 packet to tcp(135)
   From 66.207.200.146 - 3 packets to tcp(1433,3306,8080)
   From 69.155.10.189 - 1 packet to tcp(23)
   From 69.172.200.161 - 8 packets to tcp(12623)
   From 69.175.126.170 - 1 packet to udp(5353)
   From 72.223.99.33 - 1 packet to udp(56423)
   From 77.232.135.244 - 1 packet to tcp(5900)
   From 78.43.232.88 - 22 packets to tcp(80)
   From 78.69.210.213 - 31 packets to tcp(80)
   From 79.10.37.58 - 1 packet to udp(56423)
   From 80.24.53.69 - 18 packets to tcp(21)
   From 80.212.224.97 - 4 packets to tcp(80)
   From 82.173.96.40 - 6 packets to tcp(80)
   From 83.8.73.55 - 1 packet to udp(17569)
   From 85.25.147.36 - 1 packet to udp(5060)
   From 87.4.17.169 - 2 packets to tcp(80)
   From 87.246.138.244 - 3 packets to tcp(8080)
   From 92.86.253.174 - 3 packets to tcp(80)
   From 93.115.85.194 - 1 packet to tcp(5900)
   From 93.214.142.24 - 10 packets to tcp(80)
   From 94.20.26.2 - 1 packet to tcp(80)
   From 96.254.171.2 - 4 packets to tcp(1080,3128,8080)
   From 98.143.36.192 - 1 packet to tcp(8123)
   From 107.15.14.134 - 60 packets to tcp(4242)
   From 108.58.98.254 - 1 packet to tcp(23)
   From 108.171.254.201 - 2 packets to tcp(1433)
   From 110.76.47.71 - 1 packet to tcp(1433)
   From 113.11.194.210 - 1 packet to tcp(1433)
   From 115.238.247.123 - 1 packet to tcp(1433)
   From 117.35.157.251 - 1 packet to tcp(5900)
   From 117.79.89.16 - 1 packet to tcp(22222)
   From 118.123.255.173 - 1 packet to tcp(1433)
   From 118.126.16.10 - 1 packet to tcp(135)
   From 119.86.194.10 - 1 packet to udp(62752)
   From 121.10.133.143 - 1 packet to tcp(3389)
   From 122.141.177.94 - 1 packet to tcp(1433)
   From 122.226.109.101 - 2 packets to tcp(3389)
   From 123.30.66.69 - 2 packets to tcp(80)
   From 124.232.141.41 - 1 packet to tcp(1433)
   From 124.232.153.86 - 1 packet to tcp(3306)
   From 138.162.128.52 - 5 packets to tcp(80)
   From 138.162.128.54 - 4 packets to tcp(80)
   From 138.162.128.55 - 1 packet to tcp(80)
   From 142.196.45.37 - 4 packets to tcp(80)
   From 146.0.74.29 - 6 packets to tcp(8118)
   From 150.70.172.207 - 1 packet to tcp(80)
   From 173.199.120.51 - 5 packets to tcp(80)
   From 174.29.86.148 - 8 packets to tcp(80)
   From 175.207.157.7 - 1 packet to tcp(23)
   From 176.10.35.241 - 1 packet to tcp(5560)
   From 176.61.139.128 - 3 packets to tcp(3128)
   From 178.149.13.60 - 3 packets to tcp(80)
   From 178.170.91.6 - 1 packet to udp(5060)
   From 178.216.50.22 - 3 packets to tcp(8080)
   From 182.52.115.94 - 3 packets to tcp(4899)
   From 183.102.243.91 - 1 packet to tcp(3389)
   From 184.80.28.3 - 6 packets to udp(161)
   From 186.45.244.177 - 2 packets to tcp(5900)
   From 192.81.129.78 - 1 packet to tcp(5900)
   From 192.151.154.106 - 1 packet to tcp(3306)
   From 192.168.91.128 - 11 packets to tcp(80)
   From 198.13.96.197 - 3 packets to tcp(1433)
   From 198.20.70.114 - 1 packet to tcp(110)
   From 198.101.155.224 - 5 packets to tcp(22)
   From 198.154.104.41 - 2 packets to tcp(80)
   From 199.119.225.91 - 10 packets to tcp(22)
   From 199.245.52.26 - 1 packet to tcp(3072)
   From 202.22.199.229 - 11 packets to tcp(80)
   From 202.47.115.95 - 1 packet to tcp(23)
   From 202.91.241.246 - 1 packet to tcp(3389)
   From 203.116.39.115 - 22 packets to tcp(80)
   From 203.219.29.182 - 10 packets to tcp(80)
   From 204.227.127.170 - 4 packets to tcp(80)
   From 206.195.193.254 - 10 packets to tcp(80)
   From 210.13.80.217 - 1 packet to tcp(1433)
   From 211.110.10.146 - 1 packet to tcp(3306)
   From 211.162.79.51 - 1 packet to tcp(5900)
   From 218.25.237.230 - 1 packet to tcp(1433)
   From 218.80.254.147 - 1 packet to tcp(3389)
   From 218.232.105.120 - 1 packet to tcp(1433)
   From 219.153.48.115 - 1 packet to tcp(3389)
   From 219.235.8.241 - 1 packet to tcp(1433)
   From 222.89.46.73 - 1 packet to tcp(1433)
   From 223.4.147.229 - 169 packets to tcp(22)
   From 223.18.147.116 - 1 packet to tcp(23)

---------------------- iptables firewall End -------------------------

--------------------- Postfix Begin ------------------------

  6.561K   Bytes accepted                               6,718
  6.561K   Bytes sent via SMTP                          6,718
========   ==================================================

       6   Accepted                                    75.00%
       2   Rejected                                    25.00%
--------   --------------------------------------------------
       8   Total                                      100.00%
========   ==================================================

       2   5xx Reject relay denied                    100.00%
--------   --------------------------------------------------
       2   Total 5xx Rejects                          100.00%
========   ==================================================

       3   4xx Reject unknown client host             100.00%
--------   --------------------------------------------------
       3   Total 4xx Rejects                          100.00%
========   ==================================================

       9   Connections
       6   Connections lost (inbound)
       9   Disconnections
       6   Removed from queue
       6   Sent via SMTP

       1   SMTP dialog errors
       1   Hostname verification errors

---------------------- Postfix End -------------------------

--------------------- SSHD Begin ------------------------

Illegal users from:
   198.101.155.224: 8 times

Refused incoming connections:
   198.101.155.224 (198.101.155.224): 2 Time(s)

**Unmatched Entries**
reverse mapping checking getaddrinfo for ip223.hichina.com [223.4.147.229] failed - POSSIBLE BREAK-IN ATTEMPT! : 25 time(s)

---------------------- SSHD End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda              47G   15G   32G  32% /
/dev                  502M  112K  502M   1% /dev

------------- Directory Sizes ---------------
Size    Location (GB)
818M    /var/log
1.4G    /usr
------------- Directory Sizes ---------------

------------- Home Directory Sizes ---------------
Size    Location (MB)
3.9G    /home/asdfasdf
------------- Home Directory Sizes ---------------

------------- Mail Directory Sizes ---------------
Size    Location (MB)
176K    /var/spool/mail/root
------------- Mail Directory Sizes ---------------

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################
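A report like this is easier to act on once the iptables section is condensed. The following is an added example, not part of the original post: it reads a text-format report (for instance one written with --save) on standard input. The sample report is constructed with documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage the "iptables firewall" section of a text-format report.

# Constructed sample in the layout of the report above (documentation addresses).
sample_report() {
cat <<'EOF'
--------------------- iptables firewall Begin ------------------------
Listed by source hosts:
Logged 45 packets on interface eth0
   From 192.0.2.10 - 1 packet to tcp(23)
   From 192.0.2.77 - 9 packets to tcp(3899,4899,4900)
   From 198.51.100.4 - 1 packet to tcp(1433)
   From 198.51.100.9 - 3 packets to tcp(1433,3306,8080)
   From 203.0.113.5 - 30 packets to tcp(22)
   From 203.0.113.8 - 1 packet to udp(5060)
---------------------- iptables firewall End -------------------------
--------------------- SSHD Begin ------------------------
Illegal users from:
   203.0.113.5: 8 times
---------------------- SSHD End -------------------------
EOF
}

# fw_lines: pass through only the "From <ip> - <n> packet(s) to ..." rows
# that sit between the section's Begin and End markers.
fw_lines() {
    awk '/iptables firewall Begin/ { on = 1; next }
         /iptables firewall End/   { on = 0 }
         on && $1 == "From" && $3 == "-"'
}

# noisy_sources MIN: rows with at least MIN logged packets, busiest first.
# Output columns: source, packets, protocol(ports).
noisy_sources() {
    fw_lines | awk -v min="$1" '$4 + 0 >= min + 0 { print $2, $4, $NF }' |
        sort -k2,2nr
}

# sources_per_port: number of rows naming each protocol/port, widest first.
# A multi-port row such as tcp(1433,3306,8080) counts once for every port.
sources_per_port() {
    fw_lines | awk '{
        proto = $NF; sub(/\(.*/, "", proto)
        ports = $NF; gsub(/^[^(]*\(|\)$/, "", ports)
        n = split(ports, p, ",")
        for (i = 1; i <= n; i++) seen[proto "/" p[i]]++
    } END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2,2
}

# Usage: noisy_sources 10 < saved-report.txt
```

A source that is noisy here and also appears in the SSHD section of the same report, as 223.4.147.229 does above, is the first candidate for a closer look.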
That’s it! Enjoy.