infra:logwatch
Logwatch is a tool that produces a report of a machine's activity (on Debian, by default, as a daily e-mail).
On Debian, install it with: apt install logwatch
Once installed, and depending on the services enabled and the modules installed, it compiles the ssh and sudo logs and the state of the disks.
An example report (taken from https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps):
 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Wed Nov 15 15:07:00 2013
        Date Range Processed: today
                              ( 2013-Nov-15 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: host_name
 ##################################################################

 --------------------- Postfix Begin ------------------------

    3.453K  Bytes accepted                               3,536
    3.453K  Bytes delivered                              3,536
 ========   ================================================

        3   Accepted                                   100.00%
 --------   ------------------------------------------------
        3   Total                                      100.00%
 ========   ================================================

        3   Removed from queue
        2   Delivered
        1   Sent via SMTP

        1   Connection failure (outbound)

        1   Postfix start

 ---------------------- Postfix End -------------------------

 --------------------- Connections (secure-log) Begin ------------------------

 New Users:
    apache (48)

 New Groups:
    apache (48)

 **Unmatched Entries**
    groupadd: group added to /etc/group: name=apache, GID=48: 1 Time(s)
    groupadd: group added to /etc/gshadow: name=apache: 1 Time(s)

 ---------------------- Connections (secure-log) End -------------------------

 --------------------- SSHD Begin ------------------------

 SSHD Started: 2 Time(s)

 Users logging in through sshd:
    root:
       ip_addr (ip_addr): 1 time

 ---------------------- SSHD End -------------------------

 --------------------- yum Begin ------------------------

 Packages Installed:
    apr-1.3.9-5.el6_2.x86_64
    apr-util-1.3.9-3.el6_0.1.x86_64
    perl-YAML-Syck-1.07-4.el6.x86_64
    4:perl-5.10.1-131.el6_4.x86_64
    mailx-12.4-6.el6.x86_64
    1:perl-Pod-Simple-3.13-131.el6_4.x86_64
    1:perl-Pod-Escapes-1.04-131.el6_4.x86_64
    3:perl-version-0.77-131.el6_4.x86_64
    httpd-2.2.15-29.el6.centos.x86_64
    4:perl-libs-5.10.1-131.el6_4.x86_64
    mailcap-2.1.31-2.el6.noarch
    perl-Date-Manip-6.24-1.el6.noarch
    1:perl-Module-Pluggable-3.90-131.el6_4.x86_64
    httpd-tools-2.2.15-29.el6.centos.x86_64
    apr-util-ldap-1.3.9-3.el6_0.1.x86_64
    logwatch-7.3.6-49.el6.noarch

 ---------------------- yum End -------------------------
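A report in this layout can be triaged automatically before anyone reads the mail. The following Python code is an added example, not part of the original page or of Logwatch: it splits a report into its per-service Begin/End sections and flags new accounts, unmatched entries and root logins over SSH. The function names, the report excerpt (blank lines omitted) and the address and host name in it are constructed for the example.

```python
import re

# Constructed report excerpt in the layout shown above; address and host are placeholders.
REPORT = """\
 --------------------- Connections (secure-log) Begin ------------------------
 New Users:
    apache (48)
 **Unmatched Entries**
    groupadd: group added to /etc/group: name=apache, GID=48: 1 Time(s)
 ---------------------- Connections (secure-log) End -------------------------
 --------------------- SSHD Begin ------------------------
 SSHD Started: 2 Time(s)
 Users logging in through sshd:
    root:
       192.0.2.10 (host.example): 1 time
 ---------------------- SSHD End -------------------------
"""
MARKER = re.compile(r"^\s*-{5,} (.+) (Begin|End) -{5,}\s*$")

def split_sections(report):
    """Map each service name to the non-empty lines between its Begin/End markers."""
    sections, current = {}, None
    for line in report.splitlines():
        m = MARKER.match(line)
        if m:
            current = m.group(1) if m.group(2) == "Begin" else None
            if current is not None:
                sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def findings(sections):
    """Flag new accounts, unmatched entries and root logins over SSH."""
    out = []
    for service, body in sections.items():
        heading, user = "", None
        for line in body:
            text = line.strip()
            if len(line) - len(line.lstrip()) <= 1:   # headings sit at column 0 or 1
                heading, user = text, None
            elif heading.startswith(("New Users", "New Groups")):
                out.append((service, heading.rstrip(":"), text))
            elif heading == "**Unmatched Entries**":
                out.append((service, "Unmatched entry", text))
            elif heading.startswith("Users logging in through sshd"):
                if text.endswith(":"):
                    user = text[:-1]                  # user line, e.g. "root:"
                elif user == "root":
                    out.append((service, "root login via sshd", text))
    return out
```

Calling findings(split_sections(text)) on the text of a real report returns a list of (service, reason, line) tuples that can be forwarded or counted.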
infra/logwatch.1574032710.txt.gz · Last modified: 2023-02-02 22:06 (external edit)