infra:logwatch

This is an old revision of the document!


Logwatch is a tool that produces a report on a machine's activity (by default on Debian, sent daily by mail).

On Debian, install it with `apt install logwatch`. Once installed, depending on the services enabled and the modules installed, it compiles the ssh and sudo logs and the disk status.

An example report (taken from https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps):

```
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Wed Nov 15 15:07:00 2013
Date Range Processed: today
( 2013-Nov-15 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: host_name
##################################################################

--------------------- Postfix Begin ------------------------

3.453K Bytes accepted 3,536
3.453K Bytes delivered 3,536
======== ================================================

3 Accepted 100.00%
-------- ------------------------------------------------
3 Total 100.00%
======== ================================================

3 Removed from queue
2 Delivered
1 Sent via SMTP

1 Connection failure (outbound)

1 Postfix start

---------------------- Postfix End -------------------------

--------------------- Connections (secure-log) Begin ------------------------

New Users:
apache (48)

New Groups:
apache (48)

Unmatched Entries
groupadd: group added to /etc/group: name=apache, GID=48: 1 Time(s)
groupadd: group added to /etc/gshadow: name=apache: 1 Time(s)

---------------------- Connections (secure-log) End -------------------------

--------------------- SSHD Begin ------------------------

SSHD Started: 2 Time(s)

Users logging in through sshd:
root:
ip_addr (ip_addr): 1 time

---------------------- SSHD End -------------------------

--------------------- yum Begin ------------------------

Packages Installed:
apr-1.3.9-5.el6_2.x86_64
apr-util-1.3.9-3.el6_0.1.x86_64
perl-YAML-Syck-1.07-4.el6.x86_64
4:perl-5.10.1-131.el6_4.x86_64
mailx-12.4-6.el6.x86_64
1:perl-Pod-Simple-3.13-131.el6_4.x86_64
1:perl-Pod-Escapes-1.04-131.el6_4.x86_64
3:perl-version-0.77-131.el6_4.x86_64
httpd-2.2.15-29.el6.centos.x86_64
4:perl-libs-5.10.1-131.el6_4.x86_64
mailcap-2.1.31-2.el6.noarch
perl-Date-Manip-6.24-1.el6.noarch
1:perl-Module-Pluggable-3.90-131.el6_4.x86_64
httpd-tools-2.2.15-29.el6.centos.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
logwatch-7.3.6-49.el6.noarch

---------------------- yum End -------------------------
```
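
One way to post-process a report in the format shown above, as an added example that is not part of the original page or of Logwatch itself: it splits the report on its Begin/End delimiters and flags root logins through sshd and newly created users. The function names, the finding labels and the sample report (with a documentation IP address) are constructed for illustration.

```python
import re

# Section delimiters: "--- SSHD Begin ---" / "--- SSHD End ---". En/em dashes are
# accepted too, because wiki renderers substitute them for runs of hyphens.
DELIM = re.compile(r"^\s*[-\u2013\u2014]{3,}\s*(.+?)\s+(Begin|End)\s*[-\u2013\u2014]{3,}\s*$")

def split_sections(report):
    """Map each service name to the non-empty, stripped lines of its section."""
    sections, current = {}, None
    for line in report.splitlines():
        m = DELIM.match(line)
        if m:
            current = m[1] if m[2] == "Begin" else None
        elif current and line.strip():
            sections.setdefault(current, []).append(line.strip())
    return sections

def review(report):
    """Return (kind, subject, detail) tuples for root SSH logins and new users."""
    sections, findings, user = split_sections(report), [], None
    for line in sections.get("SSHD", []):
        login = re.match(r"^(\S+) \(\S+\): (\d+) times?$", line)
        if re.match(r"^\S+:$", line):
            user = line[:-1]                  # "root:" opens a per-user block
        elif login and user == "root":
            findings.append(("root-ssh-login", login[1], int(login[2])))
    heading = None
    for line in sections.get("Connections (secure-log)", []):
        entry = re.match(r"^(\S+) \((\d+)\)$", line)
        if line.endswith(":") and not entry:
            heading = line                    # "New Users:", "New Groups:", ...
        elif entry and heading == "New Users:":
            findings.append(("new-user", entry[1], int(entry[2])))
    return findings

# Constructed sample in the report format shown above (documentation IP address).
SAMPLE = """\
--------------------- Connections (secure-log) Begin ------------------------
New Users:
   apache (48)
New Groups:
   apache (48)
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
   root:
      203.0.113.7 (203.0.113.7): 1 time
---------------------- SSHD End -------------------------
"""
```

Calling `review(SAMPLE)` returns the root login and the new `apache` account; the group entry is ignored because it sits under `New Groups:`.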

infra/logwatch.1573679167.txt.gz · Last modified: 2023-02-02 22:06 (external edit)