Does logwatch run automatically, or do I need to make a cron entry for it? How can I reset logwatch? When I run logwatch from the command line twice, it sends the same email twice.
View 4 Replieshow to configure Logwatch? where can I find its config file? I never configure it but I received email everyday from Logwatch@mydomain.com..
View 1 Replies View Relatedi was wondering if there is anybody out there who has logwatch running and configured to just grab dhcp leases only
View 3 Replies View RelatedI've installed Logwatch 7.3.6 via the rpm on my CentOS 5.4 server. The issue is I'm getting basically empty reports from logwatch. The only two sections which have any information are samba and diskspace.
The only default options in the config file I've modified are: Code: print = No output = html I'm suspecting the issue has to do with the fact that the as-logged host name doesn't match my current host name. However, I've tried manually changing this on a few entries so they match but they didn't show up in the report. According to the config file, the default for option HostLimit is "No" -- so Logwatch should not care what hostname it sees in a log file, right?
I am receving emails from logwatch but when I setup my own mail script using mutt, the script succeeds but no email is received.Any ideas what the difference is between the two mail methods?
View 14 Replies View RelatedIn this part of logwatch:
Code:
--------------------- httpd Begin ------------------------
0.12 MB transferred in 11 responses (1xx 0, 2xx 8, 3xx 0, 4xx 3, 5xx 0)
[code]....
This problem is occurring on Red Hat EL 5 WS. However, I have two CentOS 5 systems, with similar configuration to RH EL 5, where this problem does not occur.
I am getting this error:
Can't exec "sendmail": No such file or directory at ./0logwatch line 1018, <TESTFILE> line 1.
Can't execute sendmail -t: No such file or directory
When I installed Cent before I got my logwatch messages sent to me. for somreason this new server I built I am not getting them. can mail off the server and there is no mail in the Q or in root. I also put in a .forward file in my root to mail to my external account and it works fine. I get mail from fail2ban and denyhosts but not the logwatch.Thoughts on what I could be missing? I check the link and the files are all there. I changed the config file to give me a High level of detail. Thats about it. If I use the command line for logwatch it sends mail fine. logwatch --detail high --logfile messages --mailto yourname@domain.com
View 6 Replies View RelatedI was advised by a fellow forum owner to install logwatch as a security precaution. Our forum runs on a dedicated server. CentOS 5.5. I ran "yum install logwatch" and got the following:
Code:
Examining logwatch-7.3.6-1.noarch.rpm: logwatch-7.3.6-1.noarch
Marking logwatch-7.3.6-1.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-1 set to be updated
--> Finished Dependency Resolution
[Code]...
I'm having some issues on a server running redhat for specific application and lately it has been for some reason kicking out some services. I just checked the Logwatch mail on the root user and here is one of the main error:
[code]...
I have a squid proxy server (which I am very new too) which all traffic from my office goes through. The proxy itself is working fine, but I can not get logwatch to email me a daily summary. logrotate seems to be throwing an error:
# logrotate /etc/logrotate.conf
error: squid:1 duplicate log entry for /var/log/squid/access.log
My /etc/logrotate.d/squid file is below... My access logs are in /logs/squid not in /var/log/squid.
[Code]...
How to get logwatch working with shorewall logs. I tried fwlogwatch but could not get that working.
View 1 Replies View RelatedI'm trying to get logwatch to email me. I think my logwatch.conf file is okay. I have postfix installed. The mailer as far as I can tell is set correctly ("usr/bin/mail"). When I run logwatch - I get "no mail for aubrey"
Heres my logwatch.conf file:
Code:
linux-qwkb:/home/aubrey # edit /usr/share/logwatch/default.conf/logwatch.conf
########################################################
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
######################################################## .....
Gidday, for some reason some of my RHEL servers don't send out a daily logwatch email (most do, but two don't) - and sadly I have no idea how to troubleshoot this.
Can anybody give some help/hints as to where/how I may troubleshoot this. I should add that these servers can/do send emails (I have some cronjobs that fire off emails upon completion of their jobs, so I know its not a sendmail config issue).
Logwatch has been showing me there is kernal errors present on my server.Below is the full report from logwatch, please let me know if there is anything I should be aware of and fix.
View 1 Replies View RelatedDoes anyone know the trick to getting Logwatch to make its entries a little less chatty and leave out the "Detailed" section of the Postfix report? I can't seem to tone it down and the daily reports I get include every recipient, host, etc., which is too much info to make a summary report useful.The first portion I get looks like this:
****** Summary *************************************************
9 *Warning: Pre-queue content-filter connection overload
2 SASL authentication failed
432 Miscellaneous warnings[code]....
This would be fine for a quick review that I do first thing. However,the "Detailed" portion that follows is over 2,800 lines long!
Everyday logwatch sends me the following information from IPTables and it seems odd, can anyone tell me are these entries odd, they all seem to be to two ports 28960 and 28964
[Code]....
I have a server, running Centos 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.
I have a desktop computer, running Fedora 13 (almost 14...). It runs also a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.
On the server, I want also only mail from logwatch, containing the rkhunter results. But so far, no luck.
How can I get the rkhunter results in the logwatch mail on my Centos server?
I have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
Is their a more secure way to handle logwatch reports, rather than using email?
View 5 Replies View RelatedI have logwatch 5.2.2 setup for 51 RHEL servers (mostly RHEL 4.8) and they all forward to a central server for a single email to be sent each day. This part works great. However, the "Disk Space" section is identical for every one of the entries. Obviously, this cannot be true for every server. What do I need to adjust such that real disk space data is being reported (or at least reported for the servers that are running low)?
The other entries like sendmail, pam_unix, and sshd data are working great and unique for each server.
I have CentOS 5.4 running my file server. I finally got proftpd to work. I configured logwatch to send me email on a daily basis however I would like to be sent an email immediately when the proftpd log file changes. Is this possible?
View 5 Replies View RelatedI've suddenly stopped getting emails from logwatch which runs on an Ubuntu server daily using cron.After a good day or so of troubleshooting, I was able to establish that it was the 'Service = named' line in my logwatch.conf file, which was stopping the emails from coming through. If I commented out this line, the logwatch emails come through with no issues, uncomment, and I don't get an email. I don't get any error from logwatch itself when I run it, even with '--debug high', leading me to think that my email configuration is setup ok, at least. Furthermore, I tried running logwatch with '--output file --format html' and logwatch produces a valid html file.
I then thought: "Could I have a entry in my Bind/named log files which could be rejected by my ISP's smtp server?". So, (to the best of my knowledge) I cleared out the log files in /var/log that contained messages from named. I then ran logwatch (including the named service in my logwatch.conf file) and I got an email through, with a pretty much empty named section, which is exactly what I anticipated. Great! - it's fixed.
So, the cron.daily ran early this morning, but still no email in my inbox when I got up. I then tried to run 'logwatch --Range today' and lo and behold, I got a logwatch report email, which included a named section, with log entries in there. So it seems that something that's been logged by named overnight to my logfiles (i.e. '--Range yesterday') has caused issues again with logwatch's ability to send reports through my ISP's smtp servers.
I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.
[code]...
i want to make sure my mail server is behaving as expected. the past two nights, i've received logwatch notices below. the section in question is the 20 or so deferrals from some .ru e-mail address. i've since removed the user that registered on my wordpress blog (wlvp@yandex.ru) and added the three IP address to iptables DROP, but these "e-mails" still look like they're in some queue unless i'm reading wrong. i've removed known usernames in case you find the numbers useful. why are all these deferred messages here? if they're stuck in a queue, can i remove them?
View 2 Replies View RelatedI have currently 7 servers that report logwatch every day.Fact is that it's lot of information to process every day, I would like to have as short as possible overview of events happened in last 24h is only critical/warning information . It would be + if all servers output could be gathered in 1 email
View 2 Replies View Relatedhow do I decipher the following entries from sendmail log:ruleset=check_relay, arg1=[120.2.197.187], arg2=127.0.0.11, relay=[120.2.197.187], reject=553 5.3.0 Rejected - your IP is blacklisted by http://www.spamhaus.org: 1 Time(s)
View 3 Replies View RelatedMy ISP blocks outgoing email if it does not login properly with a valid account. I successfully configured sendmail to use SMART_HOST and confAUTH_OPTIONS with confAUTH_MECHANISM set to LOGIN PLAIN.
It successfully sends email because I tested it with evolution sending through 127.0.0.1, but I need to specify myacount@mydomain.com as the email address for root.
But it doesn't work for logwatch because it sends as from root@localhost.localdomain, and my ISP's smtp server rejects it. The message I get back in root@localhost account is the following:
----- Transcript of session follows -----
... while talking to smtp.mydomain.com.:
>>> MAIL From:<root@localhost.localdomain> SIZE=581 AUTH=<>
<<< 550 5.7.1 Client does not have permissions to send as this sender
554 5.0.0 Service unavailable
I thought that I should masquerade all emails from this domain, so I configured sendmail as specified in [1] section "24.3.1.4. Masquerading", but it doesn't work. It seems that masquerading in sendmail is broken or something is wrong in the documentation.
[1] [URL]
I have sendmail 8.13.8-2 and centos-release-5-4.el5.centos.1.
Is there a way to specify the "From:myacount@mydomain.com" in logwatch ? or Is there a way to make it work the masquerading in sendmail so I can masquerade everything as coming from a specific account?
I occasionally see messages in my logwatch report then cannot find the actual log entry. Is there any way I can have logwatch give a clearer report?an example:
vsftpd:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=ftp ruser=a-specific-user
[code]....
We have following setup,
1. Webserver (Centos 5.5)
2. Mail server (Centos 5.5)
We have configured autossh successfully to create/manage the ssh tunnel into mail server in order to dump all emails to localhost port.
To auto start autossh in boot time we have included following into /etc/rc.d/rc.local,
Quote:
So whenever our web application wants to send out emails it dump all emails to localhost:33465 port, easy piecy, all are working great
Now we have a requirement that logwatch reports should get delivered via the same ssh tunnel rather than installing postfix and configuring as a relay.
In logwatch is there a way to achieve that?