
infra:logwatch

This is an old revision of the document!


Logwatch is a tool that produces a report on a machine's activity (on Debian, by default, as a daily e-mail).

On Debian, `apt install logwatch`. Once installed, depending on the enabled services and the installed modules, it compiles the ssh and sudo logs and the state of the disks.

An example report (taken from https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps):

```
 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Wed Nov 15 15:07:00 2013
        Date Range Processed: today
                              ( 2013-Nov-15 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: host_name
 ##################################################################

 --------------------- Postfix Begin ------------------------

    3.453K  Bytes accepted                               3,536
    3.453K  Bytes delivered                              3,536
 ========   ================================================

        3   Accepted                                   100.00%
 --------   ------------------------------------------------
        3   Total                                      100.00%
 ========   ================================================

        3   Removed from queue
        2   Delivered
        1   Sent via SMTP

        1   Connection failure (outbound)

        1   Postfix start

 ---------------------- Postfix End -------------------------

 --------------------- Connections (secure-log) Begin ------------------------

 New Users:
    apache (48)

 New Groups:
    apache (48)

 Unmatched Entries
    groupadd: group added to /etc/group: name=apache, GID=48: 1 Time(s)
    groupadd: group added to /etc/gshadow: name=apache: 1 Time(s)

 ---------------------- Connections (secure-log) End -------------------------

 --------------------- SSHD Begin ------------------------

 SSHD Started: 2 Time(s)

 Users logging in through sshd:
    root:
       ip_addr (ip_addr): 1 time

 ---------------------- SSHD End -------------------------

 --------------------- yum Begin ------------------------

 Packages Installed:
    apr-1.3.9-5.el6_2.x86_64
    apr-util-1.3.9-3.el6_0.1.x86_64
    perl-YAML-Syck-1.07-4.el6.x86_64
    4:perl-5.10.1-131.el6_4.x86_64
    mailx-12.4-6.el6.x86_64
    1:perl-Pod-Simple-3.13-131.el6_4.x86_64
    1:perl-Pod-Escapes-1.04-131.el6_4.x86_64
    3:perl-version-0.77-131.el6_4.x86_64
    httpd-2.2.15-29.el6.centos.x86_64
    4:perl-libs-5.10.1-131.el6_4.x86_64
    mailcap-2.1.31-2.el6.noarch
    perl-Date-Manip-6.24-1.el6.noarch
    1:perl-Module-Pluggable-3.90-131.el6_4.x86_64
    httpd-tools-2.2.15-29.el6.centos.x86_64
    apr-util-ldap-1.3.9-3.el6_0.1.x86_64
    logwatch-7.3.6-49.el6.noarch

 ---------------------- yum End -------------------------
```
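An added example, not part of the original page or of Logwatch itself: a small parser that splits a report like the one above into its per-service sections and pulls the sshd login list out for review. The function names are hypothetical, the sample report is constructed, and the code assumes the section markers are runs of hyphens around `<service> Begin` / `<service> End`.

```python
import re

# Constructed sample: a shortened report in the layout of the example above.
SAMPLE_REPORT = """\
 ################### Logwatch 7.3.6 (05/19/07) ####################
 --------------------- Connections (secure-log) Begin ------------------------
 New Users:
    apache (48)
 ---------------------- Connections (secure-log) End -------------------------
 --------------------- SSHD Begin ------------------------
 SSHD Started: 2 Time(s)
 Users logging in through sshd:
    root:
       ip_addr (ip_addr): 1 time
 ---------------------- SSHD End -------------------------
"""

# Section delimiters: "---- <service> Begin ----" and "---- <service> End ----".
MARKER = re.compile(r"^\s*-{3,}\s+(.+?)\s+(Begin|End)\s+-{3,}\s*$")
SOURCE = re.compile(r"^(\S+) \((\S+)\): (\d+) times?$")
USER = re.compile(r"^(\S+):$")

def split_sections(report):
    """Map each service name to the non-blank lines between its markers."""
    sections, current = {}, None
    for line in report.splitlines():
        m = MARKER.match(line)
        if m and m.group(2) == "Begin":
            current = m.group(1)
            sections[current] = []
        elif m:
            current = None
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections

def sshd_logins(sections):
    """Return (user, source, count) for each entry of the sshd login list."""
    logins, user, in_list = [], None, False
    for text in sections.get("SSHD", []):
        if text == "Users logging in through sshd:":
            in_list = True
        elif in_list and (m := SOURCE.match(text)) and user:
            logins.append((user, m.group(1), int(m.group(3))))
        elif in_list and (m := USER.match(text)):
            user = m.group(1)
        else:
            in_list = False  # any other line ends the login list
    return logins
```

Text outside a Begin/End pair (the report header, for instance) is ignored, and a report without an SSHD section yields an empty list.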

infra/logwatch.1573678917.txt.gz · Last modified: 2023-02-02 22:06 (external edit)