Logwatch
Revision as of 20:43, 8 May 2010
Author
Mikk Mähar AK32
What Logwatch is
Logwatch is a flexible log analysis tool which by default is run once a day (cron.daily) to analyse the previous day's logs.
Examples of log files supported by default
By default logwatch supports analysing the logs of 94 applications well known to system administrators. Examples of the supported applications include:
* clamav
* dhcpd
* httpd
* sshd
* named
* openvpn
* syslogd
* postfix
* sudo
* spamassassin
* sendmail
* yum
* windows (extracts of the Windows event log forwarded to a UNIX-based syslog server)
In addition to the applications supported by default, support for analysing the logs of your own applications can be added by defining in logwatch the filters that describe how those logs are to be analysed.
Sample output of a logwatch analysis
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sat May 8 21:35:03 2010
Date Range Processed: yesterday
( 2010-May-07 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: mikk-laptop
##################################################################

--------------------- dpkg status changes Begin ------------------------

Installed:
apache2-mpm-prefork 2.2.14-5ubuntu8
apache2-utils 2.2.14-5ubuntu8
apache2.2-bin 2.2.14-5ubuntu8
apache2.2-common 2.2.14-5ubuntu8
cowsay 3.03-9.2
libapr1 1.3.8-1build1
libaprutil1 1.3.9+dfsg-3build1
libaprutil1-dbd-sqlite3 1.3.9+dfsg-3build1
libaprutil1-ldap 1.3.9+dfsg-3build1
libdate-manip-perl 6.05-1
libyaml-syck-perl 1.07-1build1
linux-headers-2.6.32-22 2.6.32-22.33
linux-headers-2.6.32-22-generic 2.6.32-22.33
linux-image-2.6.32-22-generic 2.6.32-22.33
logwatch 7.3.6.cvs20090906-1ubuntu2
postfix 2.7.0-1
samba 2:3.4.7~dfsg-1ubuntu3

Upgraded:
acpid 1.0.10-5ubuntu2 => 1.0.10-5ubuntu2.1
capplets-data 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
empathy 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
empathy-common 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
file-roller 2.30.0-0ubuntu1 => 2.30.1.1-0ubuntu2
gedit 2.30.0git20100413-0ubuntu1 => 2.30.2-0ubuntu1
gedit-common 2.30.0git20100413-0ubuntu1 => 2.30.2-0ubuntu1
gnome-control-center 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
gnome-settings-daemon 2.30.0-0ubuntu6 => 2.30.1-0ubuntu1
grub-common 1.98-1ubuntu5 => 1.98-1ubuntu6
grub-pc 1.98-1ubuntu5 => 1.98-1ubuntu6
indicator-sound 0.2.2-0ubuntu1 => 0.2.3-0ubuntu1
language-pack-en 1:10.04+20100421 => 1:10.04+20100422
language-pack-en-base 1:10.04+20100421 => 1:10.04+20100422
language-pack-gnome-en 1:10.04+20100421 => 1:10.04+20100422
language-pack-gnome-en-base 1:10.04+20100421 => 1:10.04+20100422
libgnome-window-settings1 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
libgtksourceview2.0-0 2.10.0-0ubuntu1 => 2.10.1-0ubuntu1
libgtksourceview2.0-common 2.10.0-0ubuntu1 => 2.10.1-0ubuntu1
libkpathsea5 2009-5 => 2009-5ubuntu0.1
libnautilus-extension1 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
librsvg2-2 2.26.2-0ubuntu1 => 2.26.2-0ubuntu2
librsvg2-common 2.26.2-0ubuntu1 => 2.26.2-0ubuntu2
libsoup-gnome2.4-1 2.30.0-0ubuntu1 => 2.30.1-0ubuntu1
libsoup2.4-1 2.30.0-0ubuntu1 => 2.30.1-0ubuntu1
linux-generic 2.6.32.21.22 => 2.6.32.22.23
linux-headers-generic 2.6.32.21.22 => 2.6.32.22.23
linux-image-generic 2.6.32.21.22 => 2.6.32.22.23
linux-libc-dev 2.6.32-21.32 => 2.6.32-22.33
nautilus 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
nautilus-data 1:2.30.0-0ubuntu4 => 1:2.30.1-0ubuntu1
nautilus-sendto-empathy 2.30.0.1-0ubuntu3 => 2.30.1-0ubuntu1
pm-utils 1.3.0-1ubuntu1 => 1.3.0-1ubuntu2
python-ubuntuone-client 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2
rhythmbox 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
rhythmbox-plugin-cdrecorder 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
rhythmbox-plugins 0.12.8-0ubuntu3 => 0.12.8-0ubuntu4
software-center 2.0.2 => 2.0.3
tomboy 1.2.0-0ubuntu1 => 1.2.1-0ubuntu1
transmission-common 1.92-0ubuntu2 => 1.92-0ubuntu2.1
transmission-gtk 1.92-0ubuntu2 => 1.92-0ubuntu2.1
ubuntuone-client 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2
ubuntuone-client-gnome 1.2.1-0ubuntu1 => 1.2.1-0ubuntu2

Unknown lines:
2010-05-07 19:39:01 update-alternatives: run with --set libgksu-gconf-defaults /usr/share/libgksu/debian/gconf-defaults.libgksu-sudo
2010-05-07 19:39:01 update-alternatives: status of link group libgksu-gconf-defaults set to manual
2010-05-07 19:57:57 update-alternatives: link group gnome-text-editor fully removed
2010-05-07 19:57:57 update-alternatives: run with --remove gnome-text-editor /usr/bin/gedit
2010-05-07 20:00:08 update-alternatives: link group gnome-text-editor updated to point to /usr/bin/gedit
2010-05-07 20:00:08 update-alternatives: run with --install /usr/bin/gnome-text-editor gnome-text-editor /usr/bin/gedit 50 --slave /usr/share/man/man1/gnome-text-editor.1.gz gnome-text-editor.1.gz /usr/share/man/man1/gedit.1.gz
2010-05-07 20:13:21 update-alternatives: link group smbstatus updated to point to /usr/bin/smbstatus.samba3
2010-05-07 20:13:21 update-alternatives: run with --install /usr/bin/smbstatus smbstatus /usr/bin/smbstatus.samba3 10 --slave /usr/share/man/man1/smbstatus.1.gz smbstatus.1.gz /usr/share/man/man1/smbstatus.samba3.1.gz

---------------------- dpkg status changes End -------------------------

--------------------- Kernel Begin ------------------------

WARNING: Kernel Errors Present
[ 60.584125] end_request: I/O error, dev fd0, sector ...: 1 Time(s)
[ 60.693988] end_request: I/O error, dev fd0, sector ...: 1 Time(s)
[ 120.647937] end_request: I/O error, dev fd0, sector ...: 1 Time(s)
[ 120.752190] end_request: I/O error, dev fd0, sector ...: 1 Time(s)

---------------------- Kernel End -------------------------

--------------------- pam_unix Begin ------------------------

sudo:
Authentication Failures:
mikk(0) -> mikk: 1 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Connections (secure-log) Begin ------------------------

New Users:
postfix (115)

New Groups:
postfix (123)
postdrop (124)

Changed password expiry for users:
postfix : 1 Time(s)

**Unmatched Entries**
gdm-session-worker: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0: 2 Time(s)
gdm-session-worker: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mikk": 2 Time(s)
gnome-keyring-daemon: couldn't initialize slot with master password: The password or PIN is incorrect: 1 Time(s)
gnome-screensaver-dialog: gkr-pam: unlocked login keyring: 4 Time(s)
groupadd: group added to /etc/group: name=postdrop, GID=124: 1 Time(s)
groupadd: group added to /etc/group: name=postfix, GID=123: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postdrop: 1 Time(s)
groupadd: group added to /etc/gshadow: name=postfix: 1 Time(s)
polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.33 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.utf8): 2 Time(s)
usermod: change user 'postfix' password: 1 Time(s)

---------------------- Connections (secure-log) End -------------------------

--------------------- Sudo (secure-log) Begin ------------------------

==============================================================================

mikk => root
------------
/bin/bash - 1 Times.
/usr/sbin/synaptic - 2 Times.

---------------------- Sudo (secure-log) End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on
/dev/sda1 7.5G 2.6G 4.6G 36% /
none 498M 252K 497M 1% /dev
none 7.5G 2.6G 4.6G 36% /var/lib/ureadahead/debugfs

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################
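The report above is what the daily mail looks like, and the parts worth a second look (sudo authentication failures, accounts and groups created, commands run as root) are scattered across several sections. The following shell script is an added example and is not part of the wiki page or of Logwatch itself: it splits a text report on the "... Begin ..." / "... End ..." markers shown above and pulls those items out, so the mail can be triaged automatically or turned into an alert. The function names are my own, and the embedded sample report is constructed from the excerpt on this page, trimmed to the sections the script looks at.

```shell
#!/bin/sh
# Added example, not part of the wiki page: pull the security-relevant items
# (sudo authentication failures, new accounts, commands run as root) out of a
# Logwatch text report so the daily mail can be triaged or alerted on.
# The sample report is constructed from the excerpt shown on the page.

write_sample_report() {
    # $1 = file to write the constructed sample report to
    cat > "$1" <<'EOF'
################### Logwatch 7.3.6 (05/19/07) ####################
 --------------------- Kernel Begin ------------------------
 WARNING:  Kernel Errors Present
    [   60.584125] end_request: I/O error, dev fd0, sector ...:  1 Time(s)
 ---------------------- Kernel End -------------------------
 --------------------- pam_unix Begin ------------------------
 sudo:
    Authentication Failures:
       mikk(0) -> mikk: 1 Time(s)

 ---------------------- pam_unix End -------------------------
 --------------------- Connections (secure-log) Begin ------------------------
 New Users:
    postfix (115)

 New Groups:
    postfix (123)
    postdrop (124)
 ---------------------- Connections (secure-log) End -------------------------
 --------------------- Sudo (secure-log) Begin ------------------------
 mikk => root
 ------------
 /bin/bash - 1 Times.
 /usr/sbin/synaptic - 2 Times.
 ---------------------- Sudo (secure-log) End -------------------------
 ###################### Logwatch End #########################
EOF
}

# Names of the sections in a report ("Kernel", "pam_unix", ...), one per line.
report_sections() {
    sed -n 's/^ *-* \(.*\) Begin -*$/\1/p' "$1"
}

# Lines of one section, i.e. everything between its Begin and End markers.
section_body() {
    # $1 = report file, $2 = section name as printed by report_sections
    awk -v name="$2" '
        index($0, " " name " Begin ") { inside = 1; next }
        index($0, " " name " End ")   { inside = 0 }
        inside                        { print }' "$1"
}

# Sum of the "N Time(s)" counters under "Authentication Failures:" in pam_unix.
count_auth_failures() {
    section_body "$1" pam_unix | awk '
        /Authentication Failures:/          { inblock = 1; next }
        inblock && /^ *$/                   { inblock = 0 }
        inblock && match($0, /[0-9]+ Time/) { total += substr($0, RSTART, RLENGTH) + 0 }
        END { print total + 0 }'
}

# Accounts created during the period, from "New Users:" in the Connections section.
new_users() {
    section_body "$1" "Connections (secure-log)" | awk '
        /^ *New Users:/  { inblock = 1; next }
        /^ *New Groups:/ { inblock = 0 }
        inblock && NF    { print $1 }'
}

# Commands run through sudo as "user=>target /path", so escalation to root stands out.
sudo_commands() {
    section_body "$1" "Sudo (secure-log)" | awk '
        /=>/ && NF == 3 { who = $1 "=>" $3; next }
        who && /^ *\//  { print who " " $1 }'
}

# Print the findings; return 1 when there is something to look at (usable from cron).
triage() {
    # $1 = report file
    found=0
    failures=$(count_auth_failures "$1")
    [ "$failures" -gt 0 ] && { echo "sudo authentication failures: $failures"; found=1; }
    for u in $(new_users "$1"); do echo "new account created: $u"; found=1; done
    if sudo_commands "$1" | grep -q '=>root '; then
        echo "commands run as root via sudo:"; sudo_commands "$1"; found=1
    fi
    return $found
}

# Demo on the constructed sample: prints the findings and a final verdict.
SAMPLE=$(mktemp)
write_sample_report "$SAMPLE"
triage "$SAMPLE" || echo "verdict: report needs review"
rm -f "$SAMPLE"
```

The section markers are matched on the " Name Begin " / " Name End " text, which is why the script does not care about the indentation or the number of dashes the mail client shows. In the sample, the one sudo authentication failure and the new postfix account are expected (the page installs postfix on that day), but the same script run on tomorrow's report makes an unexpected account or an unfamiliar user reaching root through sudo stand out immediately.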
Prerequisites
The prerequisite for use is a Linux distribution on which Perl support has been set up.
Installation
The installation example is based on Ubuntu Linux. To install logwatch, enter the following commands in a terminal:
sudo apt-get update
sudo apt-get install logwatch
As a result, the postfix, perl and logwatch packages are installed on the machine.
Configuration
For the reports to be sent by e-mail, the parameters with which logwatch is started must be changed in the file /etc/cron.daily/00logwatch as follows:
/usr/sbin/logwatch --mailto aadress@domeen.com
To configure logwatch, edit the configuration file:
sudo vim /usr/share/logwatch/default.conf/logwatch.conf
By default logwatch also analyses the log archives (for example /var/log/messages.1 or /var/log/messages.1.gz). If desired, this can be switched off by removing the # in front of the entry Archives = No in the configuration file. The period to be analysed is set with the Range variable in the configuration file; by default the previous day ("yesterday") is analysed. The level of reporting can be set in the range 0-10 or, correspondingly, with the words Low, Med, High.
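The settings above (the mail recipient, Archives, Range and the detail level) are plain "Key = Value" lines, and a line commented out with # is simply ignored, which is why removing the # is what switches Archives = No on. The shell script below is an added example, not part of the wiki page or of Logwatch: it keeps those settings in the local override file /etc/logwatch/conf/logwatch.conf (the file Logwatch reads on top of the packaged default in /usr/share/logwatch/default.conf/, so package upgrades do not overwrite the changes), reads them back the same way, and checks that a recipient and a valid detail level are set before the daily cron job is trusted to deliver anything. The function names are my own; the LOGWATCH_BASE variable is an assumption added so the functions can run against a scratch directory, and aadress@domeen.com is the placeholder address used on this page.

```shell
#!/bin/sh
# Added example, not from the wiki page: keep the settings discussed above in
# Logwatch's local override file rather than editing the packaged default, read
# them back the way Logwatch resolves them, and sanity-check them before the
# daily cron run is relied on. Assumes a Debian/Ubuntu-style install; setting
# LOGWATCH_BASE points every path at a scratch tree for testing (my assumption).

local_conf()   { echo "${LOGWATCH_BASE:-}/etc/logwatch/conf/logwatch.conf"; }
default_conf() { echo "${LOGWATCH_BASE:-}/usr/share/logwatch/default.conf/logwatch.conf"; }

# Write the local override with the settings the page describes.
write_local_conf() {
    # $1 = MailTo address, $2 = Range (e.g. yesterday),
    # $3 = Detail (0-10 or Low/Med/High), $4 = Archives (Yes/No)
    mkdir -p "$(dirname "$(local_conf)")"
    cat > "$(local_conf)" <<EOF
# Local Logwatch overrides; anything not set here comes from the packaged default
MailTo = $1
Range = $2
Detail = $3
Archives = $4
EOF
}

# Value of one "Key = Value" setting: the local file wins over the default, and
# lines commented out with a leading # are ignored (so "#Archives = No" does
# nothing until the # is removed). Prints nothing and returns 1 if unset.
conf_get() {
    # $1 = key name, matched literally
    for f in "$(local_conf)" "$(default_conf)"; do
        [ -r "$f" ] || continue
        v=$(awk -v key="$1" '
            /^[ \t]*#/ { next }
            index($0, "=") {
                k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
                if (k == key) {
                    v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                    print v; exit
                }
            }' "$f")
        [ -n "$v" ] && { echo "$v"; return 0; }
    done
    return 1
}

# Pre-flight check: a recipient must be set, and Detail must be 0-10 or Low/Med/High.
check_conf() {
    to=$(conf_get MailTo) || { echo "MailTo is not set: reports would go nowhere" >&2; return 1; }
    d=$(conf_get Detail) || d=""
    case "$d" in
        [0-9]|10|Low|Med|High) ;;
        *) echo "Detail '$d' is not 0-10 or Low/Med/High" >&2; return 1 ;;
    esac
    echo "reports go to $to with detail $d, range $(conf_get Range || echo yesterday)"
}

# One-off run printing to the terminal instead of mailing, to see what the cron
# job would send for a single service (sudo, pam_unix, ... or all).
run_to_stdout() {
    # $1 = service name, $2 = detail level
    logwatch --output stdout --range yesterday --service "$1" --detail "$2"
}

# Demo against a scratch tree so nothing under /etc is touched.
LOGWATCH_BASE=$(mktemp -d)
write_local_conf aadress@domeen.com yesterday Med Yes
check_conf
rm -rf "$LOGWATCH_BASE"
unset LOGWATCH_BASE
```

Run without LOGWATCH_BASE set (and as root), write_local_conf writes the real override file and check_conf reads the real configuration, local file first. Keeping MailTo in the configuration file also means the --mailto argument in /etc/cron.daily/00logwatch is no longer the only place a wrong or empty recipient can silently swallow the report.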