Logwatch

From ICO wiki

Revision as of 20:40, 8 May 2010

Author

Mikk Mähar AK32

What is Logwatch

Logwatch is a flexible log analysis tool which by default is run once a day (cron.daily) to analyse the previous day's logs.

Examples of log files supported by default

By default Logwatch supports analysing the logs of 94 applications well known to a system administrator. Examples of supported applications include:

*clamav
*dhcpd
*httpd
*sshd
*named
*openvpn
*syslogd
*postfix
*sudo
*spamassassin
*sendmail
*yum
*windows (Windows event log extracts that have been forwarded to a UNIX-based syslog server)

In addition to the applications supported by default, analysis support for your own applications' logs can be added by describing in Logwatch the filters that tell it how to analyse those logs.
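
As an added example (not from the original page or from the Logwatch project), the skeleton of such a filter: a service script for a hypothetical application named myapp, with the two small configuration files Logwatch needs shown as comments at the top. The myapp log format, the paths under /etc/logwatch and the service name are all assumptions.

```perl
#!/usr/bin/perl
# /etc/logwatch/scripts/services/myapp  (hypothetical service "myapp"; install executable)
#
# Companion files, assumed under Logwatch's local override directory:
#
#   /etc/logwatch/conf/logfiles/myapp.conf     (files to read, relative to /var/log)
#       LogFile = myapp/app.log
#       Archive = myapp/app.log.*.gz
#       *ExpandRepeats
#
#   /etc/logwatch/conf/services/myapp.conf     (ties the service to that log group)
#       Title = "MyApp"
#       LogFile = myapp
#
# Logwatch pipes the period's log lines to this script's STDIN and prints whatever
# it writes to STDOUT under the Title, between the Begin/End rules of the report.
use strict;
use warnings;

# Detail level chosen with --detail or the Detail option; 0 when unset.
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my (%FailedByUser, %FailedBySource, %Locked, %Unmatched);

# Constructed message format this filter understands (not a real application):
#   May  7 20:13:21 host myapp[1234]: login failed for user 'bob' from 10.0.0.5
#   May  7 20:14:02 host myapp[1234]: account 'bob' locked after 5 failures
while (defined(my $Line = <STDIN>)) {
    chomp $Line;
    if ($Line =~ /myapp\[\d+\]: login failed for user '([^']+)' from (\S+)/) {
        $FailedByUser{$1}++;
        $FailedBySource{"$1 from $2"}++;
    } elsif ($Line =~ /myapp\[\d+\]: account '([^']+)' locked/) {
        $Locked{$1}++;
    } elsif ($Line =~ /myapp\[\d+\]: session (?:opened|closed)/) {
        # Routine noise: deliberately dropped at every detail level.
    } else {
        $Unmatched{$Line}++;
    }
}

if (%Locked) {
    print "\nAccounts locked after repeated failures:\n";
    printf "   %s: %d Time(s)\n", $_, $Locked{$_} for sort keys %Locked;
}
if (%FailedByUser) {
    print "\nFailed logins:\n";
    # Per-user summary at the default level; per-source breakdown only when Detail >= 5.
    my $Counts = $Detail >= 5 ? \%FailedBySource : \%FailedByUser;
    printf "   %s: %d Time(s)\n", $_, $Counts->{$_}
        for sort { $Counts->{$b} <=> $Counts->{$a} || $a cmp $b } keys %$Counts;
}
# Surface unrecognised lines, as Logwatch's own services do, so new message types are noticed.
if (%Unmatched) {
    print "\n**Unmatched Entries**\n";
    printf "   %s: %d Time(s)\n", $_, $Unmatched{$_} for sort keys %Unmatched;
}
```

The script can be tried outside Logwatch by piping a few lines in the constructed format into it, with LOGWATCH_DETAIL_LEVEL set in the environment to see the two levels of output.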

Sample Logwatch analysis output

################### Logwatch 7.3.6 (05/19/07) #################### 
       Processing Initiated: Sat May  8 21:35:03 2010
       Date Range Processed: yesterday
                             ( 2010-May-07 )
                             Period is day.
       Detail Level of Output: 0
       Type of Output/Format: mail / text
       Logfiles for Host: mikk-laptop
 ################################################################## 

--------------------- dpkg status changes Begin ------------------------ 
Installed:
   apache2-mpm-prefork 2.2.14-5ubuntu8
   apache2-utils 2.2.14-5ubuntu8
   apache2.2-bin 2.2.14-5ubuntu8
   apache2.2-common 2.2.14-5ubuntu8
   cowsay 3.03-9.2
   libapr1 1.3.8-1build1
   libaprutil1 1.3.9+dfsg-3build1
   libaprutil1-dbd-sqlite3 1.3.9+dfsg-3build1
   libaprutil1-ldap 1.3.9+dfsg-3build1
   libdate-manip-perl 6.05-1
   libyaml-syck-perl 1.07-1build1
   linux-headers-2.6.32-22 2.6.32-22.33
   linux-headers-2.6.32-22-generic 2.6.32-22.33
   linux-image-2.6.32-22-generic 2.6.32-22.33
   logwatch 7.3.6.cvs20090906-1ubuntu2
   postfix 2.7.0-1
   samba 2:3.4.7~dfsg-1ubuntu3

Upgraded:
   acpid 1.0.10-5ubuntu2 => 1.0.10-5ubuntu2.1
   capplets-data 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   empathy 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
   empathy-common 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
   file-roller 2.30.0-0ubuntu1 => 2.30.1.1-0ubuntu2
   gedit 2.30.0git20100413-0ubuntu1 => 2.30.2-0ubuntu1
   gedit-common 2.30.0git20100413-0ubuntu1 => 2.30.2-0ubuntu1
   gnome-control-center 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   gnome-settings-daemon 2.30.0-0ubuntu6 => 2.30.1-0ubuntu1
   grub-common 1.98-1ubuntu5 => 1.98-1ubuntu6
   grub-pc 1.98-1ubuntu5 => 1.98-1ubuntu6
   indicator-sound 0.2.2-0ubuntu1 => 0.2.3-0ubuntu1
   language-pack-en 1:10.04+20100421 => 1:10.04+20100422
   language-pack-en-base 1:10.04+20100421 => 1:10.04+20100422
   language-pack-gnome-en 1:10.04+20100421 => 1:10.04+20100422
   language-pack-gnome-en-base 1:10.04+20100421 => 1:10.04+20100422
   libgnome-window-settings1 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   libgtksourceview2.0-0 2.10.0-0ubuntu1 => 2.10.1-0ubuntu1
   libgtksourceview2.0-common 2.10.0-0ubuntu1 => 2.10.1-0ubuntu1
   libkpathsea5 2009-5 => 2009-5ubuntu0.1
   libnautilus-extension1 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   librsvg2-2 2.26.2-0ubuntu1 => 2.26.2-0ubuntu2
   librsvg2-common 2.26.2-0ubuntu1 => 2.26.2-0ubuntu2
   libsoup-gnome2.4-1 2.30.0-0ubuntu1 => 2.30.1-0ubuntu1
   libsoup2.4-1 2.30.0-0ubuntu1 => 2.30.1-0ubuntu1
   linux-generic 2.6.32.21.22 => 2.6.32.22.23
   linux-headers-generic 2.6.32.21.22 => 2.6.32.22.23
   linux-image-generic 2.6.32.21.22 => 2.6.32.22.23
   linux-libc-dev 2.6.32-21.32 => 2.6.32-22.33
   nautilus 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   nautilus-data 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
   nautilus-sendto-empathy 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
   pm-utils 1.3.0-1ubuntu1 => 1.3.0-1ubuntu2
   python-ubuntuone-client 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2
   rhythmbox 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
   rhythmbox-plugin-cdrecorder 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
   rhythmbox-plugins 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
   software-center 2.0.2 => 2.0.3
   tomboy 1.2.0-0ubuntu1 => 1.2.1-0ubuntu1
   transmission-common 1.92-0ubuntu2 => 1.92-0ubuntu2.1
   transmission-gtk 1.92-0ubuntu2 => 1.92-0ubuntu2.1
   ubuntuone-client 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2
   ubuntuone-client-gnome 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2

Unknown lines:
   2010-05-07 19:39:01 update-alternatives: run with --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
   2010-05-07 19:39:01 update-alternatives: status of link group libgksu-gconf-defaults set to manual
   2010-05-07 19:57:57 update-alternatives: link group gnome-text-editor fully removed
   2010-05-07 19:57:57 update-alternatives: run with --remove gnome-text-editor /usr/bin/gedit
   2010-05-07 20:00:08 update-alternatives: link group gnome-text-editor updated to point to /usr/bin/gedit
   2010-05-07 20:00:08 update-alternatives: run with --install /usr/bin/gnome-text-editor gnome-text-editor /usr/bin/gedit 50 --slave /usr/share/man/man1/gnome-text-editor.1.gz gnome-text-editor.1.gz /usr/share/man/man1/gedit.1.gz
   2010-05-07 20:13:21 update-alternatives: link group smbstatus updated to point to /usr/bin/smbstatus.samba3
   2010-05-07 20:13:21 update-alternatives: run with --install /usr/bin/smbstatus smbstatus /usr/bin/smbstatus.samba3 10 --slave /usr/share/man/man1/smbstatus.1.gz smbstatus.1.gz /usr/share/man/man1/smbstatus.samba3.1.gz

---------------------- dpkg status changes End ------------------------- 


--------------------- Kernel Begin ------------------------ 


WARNING:  Kernel Errors Present
   [   60.584125] end_request: I/O error, dev fd0, sector ...:  1 Time(s)
   [   60.693988] end_request: I/O error, dev fd0, sector ...:  1 Time(s)
   [  120.647937] end_request: I/O error, dev fd0, sector ...:  1 Time(s)
   [  120.752190] end_request: I/O error, dev fd0, sector ...:  1 Time(s)

---------------------- Kernel End ------------------------- 


--------------------- pam_unix Begin ------------------------ 
sudo:
   Authentication Failures:
      mikk(0) -> mikk: 1 Time(s)


---------------------- pam_unix End ------------------------- 


--------------------- Connections (secure-log) Begin ------------------------ 
New Users:
   postfix (115)

New Groups:
   postfix (123)
   postdrop (124)


Changed password expiry for users:
   postfix : 1 Time(s)

**Unmatched Entries**
   gdm-session-worker: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0: 2 Time(s)
   gdm-session-worker: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mikk": 2 Time(s)
   gnome-keyring-daemon: couldn't initialize slot with master password: The password or PIN is incorrect: 1 Time(s)
   gnome-screensaver-dialog: gkr-pam: unlocked login keyring: 4 Time(s)
   groupadd: group added to /etc/group: name=postdrop, GID=124: 1 Time(s)
   groupadd: group added to /etc/group: name=postfix, GID=123: 1 Time(s)
   groupadd: group added to /etc/gshadow: name=postdrop: 1 Time(s)
   groupadd: group added to /etc/gshadow: name=postfix: 1 Time(s)
   polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.33 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.utf8): 2 Time(s)
   usermod: change user 'postfix' password: 1 Time(s)

---------------------- Connections (secure-log) End ------------------------- 


--------------------- Sudo (secure-log) Begin ------------------------ 


==============================================================================

mikk => root
------------
/bin/bash - 1 Times.
/usr/sbin/synaptic - 2 Times.

---------------------- Sudo (secure-log) End ------------------------- 


--------------------- Disk Space Begin ------------------------ 
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7.5G  2.6G  4.6G  36% /
none                  498M  252K  497M   1% /dev
none                  7.5G  2.6G  4.6G  36% /var/lib/ureadahead/debugfs


---------------------- Disk Space End ------------------------- 


###################### Logwatch End ######################### 

Prerequisites

The prerequisite for use is a Linux distribution on which Perl support has been set up.

Installation

The installation example is based on Ubuntu Linux. To install Logwatch, enter the following commands in a terminal:

sudo apt-get update
sudo apt-get install logwatch

As a result, the postfix, perl and logwatch packages are installed on the machine.

Configuration

To have the reports sent by e-mail, change the Logwatch invocation parameters in the file /etc/cron.daily/00logwatch as follows:

/usr/sbin/logwatch --mailto aadress@domeen.com

To configure Logwatch, edit the configuration file:

sudo vim /usr/share/logwatch/default.conf/logwatch.conf

By default Logwatch also analyses archived logs (for example /var/log/messages.1 or /var/log/messages.1.gz). If desired, this can be switched off by removing the # in front of the entry Archives = No in the configuration file. The period to analyse is set with the Range variable in the configuration file; by default the previous day ("yesterday") is analysed. The report's detail level can be set in the range 0-10 or, correspondingly, with the words Low, Med, High.

Backup/Restore