
Как я могу включить журналы fail2ban и mod_secure для отображения в logwatch на centos 6.4?

У меня работает logwatch, но я не вижу, чтобы fail2ban и mod_secure появлялись в отчётах logwatch. Как это включить? Что мне нужно изменить в файле конфигурации logwatch?

Ниже приведен файл logwatch.conf.

 ########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
# NOTE(review): the debug run shows logwatch creating a per-run directory
# under this path (logwatch.<random>) and staging preprocessed copies of
# secure/maillog/messages in it. Keep this directory root-owned and not
# world-readable, since those copies contain authentication failure data.
TmpDir = /var/cache/logwatch

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Print should be set to No to
# enable mail feature.
MailTo = root
# When using option --multiemail, it is possible to specify a different
# email recipient per host processed.  For example, to send the report
# for hostname host1 to user@example.com, use:
#Mailto_host1 = user@example.com
# Multiple recipients can be specified by separating them with a space.

# Default person to mail reports from.  Can be a local account or a
# complete email address.
MailFrom = Logwatch

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
# NOTE(review): with Print = Yes the 'mailer' below is not used; when run
# from the daily cron job the stdout report is presumably delivered by
# cron's own mail handling instead -- confirm if reports seem to go missing.
Print = Yes

# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch

# Use archives?  If set to 'Yes', the archives of logfiles
# (ie /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# By default this is now set to Yes. To turn off Archives uncomment this.
#Archives = No
# Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
# NOTE(review): a number of service filters print little or nothing at Low.
# If an expected section (e.g. fail2ban) is absent from the report, re-run
# with --detail High once to tell a detail-level omission apart from a
# missing or empty logfile -- confirm against the service script itself.
Detail = Low

# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
# The default service(s) to report on.  This should be left as All for
# most people.
# NOTE(review): 'All' already covers fail2ban and http -- both appear in the
# debug run's 'LogFiles that will be processed' list -- so no extra Service
# line is needed. A service only produces output when its logfile group
# resolves to an existing file inside Range; in the pasted debug run there
# is no 'Preprocessing LogFile: fail2ban' line, which suggests the fail2ban
# log path configured for that group does not exist on this host -- verify.
# The http group in that run reads /var/log/httpd/access_log; mod_security
# events are typically written to the Apache error log or its own audit
# log, so they would not be seen by that filter -- verify where they land.
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
#Service = pam             # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option.  This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages.  This will run all the filters that
# process that logfile.  This option is probably not too useful to
# most people.  Setting 'Service' to 'All' above analyzes all LogFiles
# anyways...

#
# By default we assume that all Unix systems have sendmail or a sendmail-like system.
# The mailer code Prints a header with To: From: and Subject:.
# At this point you can change the mailer to any thing else that can handle that output
# stream.  TODO test variables in the mailer string to see if the To/From/Subject can be set
# From here with out breaking anything.  This would allow mail/mailx/nail etc..... -mgt
# NOTE(review): this value is executed as a command string; keep it a fixed,
# trusted value and do not derive it from anything user-controlled.
mailer = "sendmail -t"

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed.  The hostname
# can also be overridden on the commandline (with --hostname option).  This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes

# By default the cron daemon generates daily logwatch report
# if you want to switch it off uncomment DailyReport tag.
# The implicit value is Yes
#
# DailyReport = No

# vi: shiftwidth=3 tabstop=3 et

Вывод команды `sudo logwatch --debug High | grep -T100 'LogFiles that will be processed:'`

 000-*expandrepeats = 001-*onlyhost = 002-*applystddate = Logfile = /var/log/maillog Archive = /var/log/maillog.9.gz Archive = /var/log/maillog.8.gz Archive = /var/log/maillog.7.gz Archive = /var/log/maillog.6.gz Archive = /var/log/maillog.5.gz Archive = /var/log/maillog.4.gz Archive = /var/log/maillog.3.gz Archive = /var/log/maillog.29.gz Archive = /var/log/maillog.28.gz Archive = /var/log/maillog.27.gz Archive = /var/log/maillog.26.gz Archive = /var/log/maillog.25.gz Archive = /var/log/maillog.24.gz Archive = /var/log/maillog.23.gz Archive = /var/log/maillog.22.gz Archive = /var/log/maillog.21.gz Archive = /var/log/maillog.20.gz Archive = /var/log/maillog.2.gz Archive = /var/log/maillog.19.gz Archive = /var/log/maillog.18.gz Archive = /var/log/maillog.17.gz Archive = /var/log/maillog.16.gz Archive = /var/log/maillog.15.gz Archive = /var/log/maillog.14.gz Archive = /var/log/maillog.13.gz Archive = /var/log/maillog.12.gz Archive = /var/log/maillog.11.gz Archive = /var/log/maillog.10.gz Archive = /var/log/maillog.1.gz Archive = /var/log/maillog-20121230 Logfile Name: up2date Logfile Name: cisco Logfile Name: cron 001-*removeservice = anacron 000-*onlyhost = Logfile = /var/log/cron Archive = /var/log/cron.9.gz Archive = /var/log/cron.8.gz Archive = /var/log/cron.7.gz Archive = /var/log/cron.6.gz Archive = /var/log/cron.5.gz Archive = /var/log/cron.4.gz Archive = /var/log/cron.3.gz Archive = /var/log/cron.29.gz Archive = /var/log/cron.28.gz Archive = /var/log/cron.27.gz Archive = /var/log/cron.26.gz Archive = /var/log/cron.25.gz Archive = /var/log/cron.24.gz Archive = /var/log/cron.23.gz Archive = /var/log/cron.22.gz Archive = /var/log/cron.21.gz Archive = /var/log/cron.20.gz Archive = /var/log/cron.2.gz Archive = /var/log/cron.19.gz Archive = /var/log/cron.18.gz Archive = /var/log/cron.17.gz Archive = /var/log/cron.16.gz Archive = /var/log/cron.15.gz Archive = /var/log/cron.14.gz Archive = /var/log/cron.13.gz Archive = /var/log/cron.12.gz Archive = 
/var/log/cron.11.gz Archive = /var/log/cron.10.gz Archive = /var/log/cron.1.gz Archive = /var/log/cron-20121230 Logfile Name: yum Logfile = /var/log/yum.log Logfile Name: tac_acc 000-*applystddate = Logfile Name: exim Logfile Name: syslog 001-*removeservice = talkd,telnetd,inetd,nfsd,/sbin/mingetty 000-*expandrepeats = 003-*applystddate = 002-*onlyhost = Logfile Name: dnssec 000-*expandrepeats = 001-*applybinddate = Logfile Name: netscreen 000-*applystddate = Logfile Name: autorpm Logfile Name: dpkg 000-*applyeurodate = LogFiles that will be processed: [0] = maillog [1] = qmail-pop3d-current [2] = denyhosts [3] = secure [4] = messages [5] = eventlog [6] = qmail-send-current [7] = none [8] = samba [9] = clam-update [10] = extreme-networks [11] = resolver [12] = qmail-pop3ds-current [13] = netopia [14] = fail2ban [15] = pix [16] = xferlog [17] = cisco [18] = cron [19] = netscreen [20] = dnssec [21] = qmail-smtpd-current [22] = windows [23] = vsftpd [24] = php [25] = emerge [26] = http [27] = bfd [28] = sonicwall [29] = iptables [30] = pureftp [31] = rt314 [32] = up2date [33] = yum [34] = tac_acc [35] = exim [36] = autorpm [37] = dpkg Made Temp Dir: /var/cache/logwatch/logwatch.tOKLrjds with tempdir export LOGWATCH_DATE_RANGE='yesterday' export LOGWATCH_OUTPUT_TYPE='unformatted' export LOGWATCH_TEMP_DIR='/var/cache/logwatch/logwatch.tOKLrjds/' export LOGWATCH_DEBUG='10' Preprocessing LogFile: maillog '/var/cache/logwatch/logwatch.tOKLrjds/maillog-archive' '/var/log/maillog' | /usr/bin/perl /usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/applystddate ''>/var/cache/logwatch/logwatch.tOKLrjds/maillog Preprocessing LogFile: secure '/var/cache/logwatch/logwatch.tOKLrjds/secure-archive' '/var/log/secure' | /usr/bin/perl /usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl 
/usr/share/logwatch/scripts/shared/applystddate ''>/var/cache/logwatch/logwatch.tOKLrjds/secure Preprocessing LogFile: messages '/var/cache/logwatch/logwatch.tOKLrjds/messages-archive' '/var/log/messages' | /usr/bin/perl /usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,netscreen'| /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/applystddate ''>/var/cache/logwatch/logwatch.tOKLrjds/messages Preprocessing LogFile: cron '/var/cache/logwatch/logwatch.tOKLrjds/cron-archive' '/var/log/cron' | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyhost ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/removeservice 'anacron'| /usr/bin/perl /usr/share/logwatch/scripts/logfiles/cron/applydate>/var/cache/logwatch/logwatch.tOKLrjds/cron Preprocessing LogFile: http '/var/cache/logwatch/logwatch.tOKLrjds/http-archive' '/var/log/httpd/access_log' | /usr/bin/perl /usr/share/logwatch/scripts/shared/expandrepeats ''| /usr/bin/perl /usr/share/logwatch/scripts/shared/applyhttpdate ''>/var/cache/logwatch/logwatch.tOKLrjds/http Preprocessing LogFile: yum '/var/log/yum.log' | /usr/bin/perl /usr/share/logwatch/scripts/logfiles/yum/applydate>/var/cache/logwatch/logwatch.tOKLrjds/yum Processing Service: amavis ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice '(amavis|dccproc)' |/usr/bin/perl /usr/share/logwatch/scripts/shared/removeheaders '' |/usr/bin/perl /usr/share/logwatch/scripts/services/amavis) 2>&1 export clamav_ignoreunmatched='0' export clamav_ignoreunmatched='0' Processing Service: clamav-milter ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice 'clamav-milter' |/usr/bin/perl /usr/share/logwatch/scripts/shared/removeheaders '' |/usr/bin/perl 
/usr/share/logwatch/scripts/services/clamav-milter) 2>&1 export courier_enable='1' export courier_ip_lookup='0' export courier_printmailqueue='0' export courier_tables='0' Processing Service: courier ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/services/courier) 2>&1 Processing Service: cron ( cat /var/cache/logwatch/logwatch.tOKLrjds/cron | /usr/bin/perl /usr/share/logwatch/scripts/services/cron) 2>&1 Processing Service: dovecot ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice '(imap-login|pop3-login|dovecot)' |/usr/bin/perl /usr/share/logwatch/scripts/services/dovecot) 2>&1 export ftpd_ignore_unmatched='0' export detail_transfer='1' export http_ignore_error_hacks='0' export http_user_display='0' Processing Service: http ( cat /var/cache/logwatch/logwatch.tOKLrjds/http | /usr/bin/perl /usr/share/logwatch/scripts/services/http) 2>&1 Processing Service: imapd ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice '(imapd|imapd-ssl|imapsd)' |/usr/bin/perl /usr/share/logwatch/scripts/shared/removeheaders '' |/usr/bin/perl /usr/share/logwatch/scripts/services/imapd) 2>&1 Processing Service: in.qpopper ( cat /var/cache/logwatch/logwatch.tOKLrjds/maillog | /usr/bin/perl /usr/share/logwatch/scripts/shared/multiservice 'in.qpopper,qpopper' |/usr/bin/perl /usr/share/logwatch/scripts/shared/removeheaders '' |/usr/bin/perl /usr/share/logwatch/scripts/services/in.qpopper) 2>&1 Processing Service: ipop3d