
Logwatch

Logwatch is a configurable log analysis system. It analyses system log files and produces corresponding reports, divided into sections that are likewise configurable.

From this point on, root privileges are required to run the commands that follow. To become root, enter the following command:

$ su -
Password: 

Installation

Any serious Linux distribution should ship a preconfigured Logwatch package. Installing it on CentOS is therefore simply a matter of the yum package manager.

The following package is required to install Logwatch:

to be installed.

The following command installs the logwatch package:

# yum install logwatch
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-49.el6 will be installed
--> Processing Dependency: perl(Date::Manip) for package: logwatch-7.3.6-49.el6.noarch
--> Running transaction check
---> Package perl-Date-Manip.noarch 0:6.24-1.el6 will be installed
--> Processing Dependency: perl(YAML::Syck) for package: perl-Date-Manip-6.24-1.el6.noarch
--> Running transaction check
---> Package perl-YAML-Syck.x86_64 0:1.07-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch           Version              Repository    Size
================================================================================
Installing:
 logwatch                noarch         7.3.6-49.el6         base         298 k
Installing for dependencies:
 perl-Date-Manip         noarch         6.24-1.el6           base         1.4 M
 perl-YAML-Syck          x86_64         1.07-4.el6           base          75 k

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 1.7 M
Installed size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): logwatch-7.3.6-49.el6.noarch.rpm                  | 298 kB     00:00
(2/3): perl-Date-Manip-6.24-1.el6.noarch.rpm             | 1.4 MB     00:00
(3/3): perl-YAML-Syck-1.07-4.el6.x86_64.rpm              |  75 kB     00:00
--------------------------------------------------------------------------------
Total                                            12 MB/s | 1.7 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-YAML-Syck-1.07-4.el6.x86_64                             1/3
  Installing : perl-Date-Manip-6.24-1.el6.noarch                            2/3
  Installing : logwatch-7.3.6-49.el6.noarch                                 3/3

Installed:
  logwatch.noarch 0:7.3.6-49.el6

Dependency Installed:
  perl-Date-Manip.noarch 0:6.24-1.el6     perl-YAML-Syck.x86_64 0:1.07-4.el6

Complete!

The following command shows which contents were installed with the logwatch package:

# rpm -qil logwatch
Name        : logwatch                     Relocations: (not relocatable)
Version     : 7.3.6                             Vendor: CentOS
Release     : 49.el6                        Build Date: Sat 25 Jun 2011 12:17:38 PM CEST
Install Date: Sun 11 Mar 2012 06:57:19 AM CET      Build Host: c6b5.bsys.dev.centos.org
Group       : Applications/System           Source RPM: logwatch-7.3.6-49.el6.src.rpm
Size        : 1308246                          License: MIT
Signature   : RSA/8, Wed 06 Jul 2011 03:40:39 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.logwatch.org/
Summary     : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system.  It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish.  Easy to use - works right out
of the package on many systems.
/etc/cron.daily/0logwatch
/etc/logwatch
/etc/logwatch/conf
/etc/logwatch/conf/ignore.conf
/etc/logwatch/conf/logfiles
/etc/logwatch/conf/logwatch.conf
/etc/logwatch/conf/override.conf
/etc/logwatch/conf/services
/etc/logwatch/scripts
/etc/logwatch/scripts/services
/usr/sbin/logwatch
/usr/share/doc/logwatch-7.3.6
/usr/share/doc/logwatch-7.3.6/CHANGES
/usr/share/doc/logwatch-7.3.6/HOWTO-Customize-LogWatch
/usr/share/doc/logwatch-7.3.6/License
/usr/share/doc/logwatch-7.3.6/README
/usr/share/logwatch
/usr/share/logwatch/default.conf
/usr/share/logwatch/default.conf/html
/usr/share/logwatch/default.conf/html/footer.html
/usr/share/logwatch/default.conf/html/header.html
/usr/share/logwatch/default.conf/logfiles
/usr/share/logwatch/default.conf/logfiles/autorpm.conf
/usr/share/logwatch/default.conf/logfiles/bfd.conf
/usr/share/logwatch/default.conf/logfiles/cisco.conf
/usr/share/logwatch/default.conf/logfiles/clam-update.conf
/usr/share/logwatch/default.conf/logfiles/cron.conf
/usr/share/logwatch/default.conf/logfiles/daemon.conf
/usr/share/logwatch/default.conf/logfiles/denyhosts.conf
/usr/share/logwatch/default.conf/logfiles/dnssec.conf
/usr/share/logwatch/default.conf/logfiles/dpkg.conf
/usr/share/logwatch/default.conf/logfiles/emerge.conf
/usr/share/logwatch/default.conf/logfiles/eventlog.conf
/usr/share/logwatch/default.conf/logfiles/exim.conf
/usr/share/logwatch/default.conf/logfiles/extreme-networks.conf
/usr/share/logwatch/default.conf/logfiles/fail2ban.conf
/usr/share/logwatch/default.conf/logfiles/http.conf
/usr/share/logwatch/default.conf/logfiles/iptables.conf
/usr/share/logwatch/default.conf/logfiles/kernel.conf
/usr/share/logwatch/default.conf/logfiles/maillog.conf
/usr/share/logwatch/default.conf/logfiles/messages.conf
/usr/share/logwatch/default.conf/logfiles/netopia.conf
/usr/share/logwatch/default.conf/logfiles/netscreen.conf
/usr/share/logwatch/default.conf/logfiles/php.conf
/usr/share/logwatch/default.conf/logfiles/pix.conf
/usr/share/logwatch/default.conf/logfiles/pureftp.conf
/usr/share/logwatch/default.conf/logfiles/qmail-pop3d-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-pop3ds-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-send-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-smtpd-current.conf
/usr/share/logwatch/default.conf/logfiles/resolver.conf
/usr/share/logwatch/default.conf/logfiles/rt314.conf
/usr/share/logwatch/default.conf/logfiles/samba.conf
/usr/share/logwatch/default.conf/logfiles/secure.conf
/usr/share/logwatch/default.conf/logfiles/sonicwall.conf
/usr/share/logwatch/default.conf/logfiles/syslog.conf
/usr/share/logwatch/default.conf/logfiles/tac_acc.conf
/usr/share/logwatch/default.conf/logfiles/up2date.conf
/usr/share/logwatch/default.conf/logfiles/vsftpd.conf
/usr/share/logwatch/default.conf/logfiles/windows.conf
/usr/share/logwatch/default.conf/logfiles/xferlog.conf
/usr/share/logwatch/default.conf/logfiles/yum.conf
/usr/share/logwatch/default.conf/logwatch.conf
/usr/share/logwatch/default.conf/services
/usr/share/logwatch/default.conf/services/afpd.conf
/usr/share/logwatch/default.conf/services/amavis.conf
/usr/share/logwatch/default.conf/services/arpwatch.conf
/usr/share/logwatch/default.conf/services/audit.conf
/usr/share/logwatch/default.conf/services/automount.conf
/usr/share/logwatch/default.conf/services/autorpm.conf
/usr/share/logwatch/default.conf/services/bfd.conf
/usr/share/logwatch/default.conf/services/cisco.conf
/usr/share/logwatch/default.conf/services/clam-update.conf
/usr/share/logwatch/default.conf/services/clamav-milter.conf
/usr/share/logwatch/default.conf/services/clamav.conf
/usr/share/logwatch/default.conf/services/courier.conf
/usr/share/logwatch/default.conf/services/cron.conf
/usr/share/logwatch/default.conf/services/denyhosts.conf
/usr/share/logwatch/default.conf/services/dhcpd.conf
/usr/share/logwatch/default.conf/services/dnssec.conf
/usr/share/logwatch/default.conf/services/dovecot.conf
/usr/share/logwatch/default.conf/services/dpkg.conf
/usr/share/logwatch/default.conf/services/emerge.conf
/usr/share/logwatch/default.conf/services/evtapplication.conf
/usr/share/logwatch/default.conf/services/evtsecurity.conf
/usr/share/logwatch/default.conf/services/evtsystem.conf
/usr/share/logwatch/default.conf/services/exim.conf
/usr/share/logwatch/default.conf/services/eximstats.conf
/usr/share/logwatch/default.conf/services/extreme-networks.conf
/usr/share/logwatch/default.conf/services/fail2ban.conf
/usr/share/logwatch/default.conf/services/ftpd-messages.conf
/usr/share/logwatch/default.conf/services/ftpd-xferlog.conf
/usr/share/logwatch/default.conf/services/http.conf
/usr/share/logwatch/default.conf/services/identd.conf
/usr/share/logwatch/default.conf/services/imapd.conf
/usr/share/logwatch/default.conf/services/in.qpopper.conf
/usr/share/logwatch/default.conf/services/init.conf
/usr/share/logwatch/default.conf/services/ipop3d.conf
/usr/share/logwatch/default.conf/services/iptables.conf
/usr/share/logwatch/default.conf/services/kernel.conf
/usr/share/logwatch/default.conf/services/mailscanner.conf
/usr/share/logwatch/default.conf/services/modprobe.conf
/usr/share/logwatch/default.conf/services/mountd.conf
/usr/share/logwatch/default.conf/services/named.conf
/usr/share/logwatch/default.conf/services/netopia.conf
/usr/share/logwatch/default.conf/services/netscreen.conf
/usr/share/logwatch/default.conf/services/oidentd.conf
/usr/share/logwatch/default.conf/services/openvpn.conf
/usr/share/logwatch/default.conf/services/pam.conf
/usr/share/logwatch/default.conf/services/pam_pwdb.conf
/usr/share/logwatch/default.conf/services/pam_unix.conf
/usr/share/logwatch/default.conf/services/php.conf
/usr/share/logwatch/default.conf/services/pix.conf
/usr/share/logwatch/default.conf/services/pluto.conf
/usr/share/logwatch/default.conf/services/pop3.conf
/usr/share/logwatch/default.conf/services/portsentry.conf
/usr/share/logwatch/default.conf/services/postfix.conf
/usr/share/logwatch/default.conf/services/pound.conf
/usr/share/logwatch/default.conf/services/proftpd-messages.conf
/usr/share/logwatch/default.conf/services/pureftpd.conf
/usr/share/logwatch/default.conf/services/qmail-pop3d.conf
/usr/share/logwatch/default.conf/services/qmail-pop3ds.conf
/usr/share/logwatch/default.conf/services/qmail-send.conf
/usr/share/logwatch/default.conf/services/qmail-smtpd.conf
/usr/share/logwatch/default.conf/services/qmail.conf
/usr/share/logwatch/default.conf/services/raid.conf
/usr/share/logwatch/default.conf/services/resolver.conf
/usr/share/logwatch/default.conf/services/rt314.conf
/usr/share/logwatch/default.conf/services/samba.conf
/usr/share/logwatch/default.conf/services/saslauthd.conf
/usr/share/logwatch/default.conf/services/scsi.conf
/usr/share/logwatch/default.conf/services/secure.conf
/usr/share/logwatch/default.conf/services/sendmail-largeboxes.conf
/usr/share/logwatch/default.conf/services/sendmail.conf
/usr/share/logwatch/default.conf/services/shaperd.conf
/usr/share/logwatch/default.conf/services/slon.conf
/usr/share/logwatch/default.conf/services/smartd.conf
/usr/share/logwatch/default.conf/services/sonicwall.conf
/usr/share/logwatch/default.conf/services/sshd.conf
/usr/share/logwatch/default.conf/services/sshd2.conf
/usr/share/logwatch/default.conf/services/stunnel.conf
/usr/share/logwatch/default.conf/services/sudo.conf
/usr/share/logwatch/default.conf/services/syslogd.conf
/usr/share/logwatch/default.conf/services/tac_acc.conf
/usr/share/logwatch/default.conf/services/up2date.conf
/usr/share/logwatch/default.conf/services/vpopmail.conf
/usr/share/logwatch/default.conf/services/vsftpd.conf
/usr/share/logwatch/default.conf/services/windows.conf
/usr/share/logwatch/default.conf/services/xntpd.conf
/usr/share/logwatch/default.conf/services/yum.conf
/usr/share/logwatch/default.conf/services/zz-disk_space.conf
/usr/share/logwatch/default.conf/services/zz-fortune.conf
/usr/share/logwatch/default.conf/services/zz-network.conf
/usr/share/logwatch/default.conf/services/zz-runtime.conf
/usr/share/logwatch/default.conf/services/zz-sys.conf
/usr/share/logwatch/dist.conf
/usr/share/logwatch/dist.conf/logfiles
/usr/share/logwatch/dist.conf/services
/usr/share/logwatch/lib
/usr/share/logwatch/lib/Logwatch.pm
/usr/share/logwatch/scripts
/usr/share/logwatch/scripts/logfiles
/usr/share/logwatch/scripts/logfiles/autorpm
/usr/share/logwatch/scripts/logfiles/autorpm/applydate
/usr/share/logwatch/scripts/logfiles/cron
/usr/share/logwatch/scripts/logfiles/cron/applydate
/usr/share/logwatch/scripts/logfiles/emerge
/usr/share/logwatch/scripts/logfiles/emerge/applydate
/usr/share/logwatch/scripts/logfiles/samba
/usr/share/logwatch/scripts/logfiles/samba/applydate
/usr/share/logwatch/scripts/logfiles/samba/removeheaders
/usr/share/logwatch/scripts/logfiles/up2date
/usr/share/logwatch/scripts/logfiles/up2date/applydate
/usr/share/logwatch/scripts/logfiles/up2date/removeheaders
/usr/share/logwatch/scripts/logfiles/xferlog
/usr/share/logwatch/scripts/logfiles/xferlog/applydate
/usr/share/logwatch/scripts/logfiles/xferlog/removeheaders
/usr/share/logwatch/scripts/logfiles/yum
/usr/share/logwatch/scripts/logfiles/yum/applydate
/usr/share/logwatch/scripts/logwatch.pl
/usr/share/logwatch/scripts/services
/usr/share/logwatch/scripts/services/afpd
/usr/share/logwatch/scripts/services/amavis
/usr/share/logwatch/scripts/services/arpwatch
/usr/share/logwatch/scripts/services/audit
/usr/share/logwatch/scripts/services/automount
/usr/share/logwatch/scripts/services/autorpm
/usr/share/logwatch/scripts/services/bfd
/usr/share/logwatch/scripts/services/cisco
/usr/share/logwatch/scripts/services/clam-update
/usr/share/logwatch/scripts/services/clamav
/usr/share/logwatch/scripts/services/clamav-milter
/usr/share/logwatch/scripts/services/courier
/usr/share/logwatch/scripts/services/cron
/usr/share/logwatch/scripts/services/denyhosts
/usr/share/logwatch/scripts/services/dhcpd
/usr/share/logwatch/scripts/services/dnssec
/usr/share/logwatch/scripts/services/dovecot
/usr/share/logwatch/scripts/services/dpkg
/usr/share/logwatch/scripts/services/emerge
/usr/share/logwatch/scripts/services/evtapplication
/usr/share/logwatch/scripts/services/evtsecurity
/usr/share/logwatch/scripts/services/evtsystem
/usr/share/logwatch/scripts/services/exim
/usr/share/logwatch/scripts/services/eximstats
/usr/share/logwatch/scripts/services/extreme-networks
/usr/share/logwatch/scripts/services/fail2ban
/usr/share/logwatch/scripts/services/ftpd-messages
/usr/share/logwatch/scripts/services/ftpd-xferlog
/usr/share/logwatch/scripts/services/http
/usr/share/logwatch/scripts/services/identd
/usr/share/logwatch/scripts/services/imapd
/usr/share/logwatch/scripts/services/in.qpopper
/usr/share/logwatch/scripts/services/init
/usr/share/logwatch/scripts/services/ipop3d
/usr/share/logwatch/scripts/services/iptables
/usr/share/logwatch/scripts/services/kernel
/usr/share/logwatch/scripts/services/mailscanner
/usr/share/logwatch/scripts/services/modprobe
/usr/share/logwatch/scripts/services/mountd
/usr/share/logwatch/scripts/services/named
/usr/share/logwatch/scripts/services/netopia
/usr/share/logwatch/scripts/services/netscreen
/usr/share/logwatch/scripts/services/oidentd
/usr/share/logwatch/scripts/services/openvpn
/usr/share/logwatch/scripts/services/pam
/usr/share/logwatch/scripts/services/pam_pwdb
/usr/share/logwatch/scripts/services/pam_unix
/usr/share/logwatch/scripts/services/php
/usr/share/logwatch/scripts/services/pix
/usr/share/logwatch/scripts/services/pluto
/usr/share/logwatch/scripts/services/pop3
/usr/share/logwatch/scripts/services/portsentry
/usr/share/logwatch/scripts/services/postfix
/usr/share/logwatch/scripts/services/pound
/usr/share/logwatch/scripts/services/proftpd-messages
/usr/share/logwatch/scripts/services/pureftpd
/usr/share/logwatch/scripts/services/qmail
/usr/share/logwatch/scripts/services/qmail-pop3d
/usr/share/logwatch/scripts/services/qmail-pop3ds
/usr/share/logwatch/scripts/services/qmail-send
/usr/share/logwatch/scripts/services/qmail-smtpd
/usr/share/logwatch/scripts/services/raid
/usr/share/logwatch/scripts/services/resolver
/usr/share/logwatch/scripts/services/rt314
/usr/share/logwatch/scripts/services/samba
/usr/share/logwatch/scripts/services/saslauthd
/usr/share/logwatch/scripts/services/scsi
/usr/share/logwatch/scripts/services/secure
/usr/share/logwatch/scripts/services/sendmail
/usr/share/logwatch/scripts/services/sendmail-largeboxes
/usr/share/logwatch/scripts/services/shaperd
/usr/share/logwatch/scripts/services/slon
/usr/share/logwatch/scripts/services/smartd
/usr/share/logwatch/scripts/services/sonicwall
/usr/share/logwatch/scripts/services/sshd
/usr/share/logwatch/scripts/services/sshd2
/usr/share/logwatch/scripts/services/stunnel
/usr/share/logwatch/scripts/services/sudo
/usr/share/logwatch/scripts/services/syslogd
/usr/share/logwatch/scripts/services/tac_acc
/usr/share/logwatch/scripts/services/up2date
/usr/share/logwatch/scripts/services/vpopmail
/usr/share/logwatch/scripts/services/vsftpd
/usr/share/logwatch/scripts/services/windows
/usr/share/logwatch/scripts/services/xntpd
/usr/share/logwatch/scripts/services/yum
/usr/share/logwatch/scripts/services/zz-disk_space
/usr/share/logwatch/scripts/services/zz-fortune
/usr/share/logwatch/scripts/services/zz-network
/usr/share/logwatch/scripts/services/zz-runtime
/usr/share/logwatch/scripts/services/zz-sys
/usr/share/logwatch/scripts/shared
/usr/share/logwatch/scripts/shared/applybinddate
/usr/share/logwatch/scripts/shared/applyeurodate
/usr/share/logwatch/scripts/shared/applyhttpdate
/usr/share/logwatch/scripts/shared/applystddate
/usr/share/logwatch/scripts/shared/applytaidate
/usr/share/logwatch/scripts/shared/applyusdate
/usr/share/logwatch/scripts/shared/applyvsftpddate
/usr/share/logwatch/scripts/shared/eventlogonlyservice
/usr/share/logwatch/scripts/shared/eventlogremoveservice
/usr/share/logwatch/scripts/shared/expandrepeats
/usr/share/logwatch/scripts/shared/hosthash
/usr/share/logwatch/scripts/shared/hostlist
/usr/share/logwatch/scripts/shared/multiservice
/usr/share/logwatch/scripts/shared/onlycontains
/usr/share/logwatch/scripts/shared/onlyhost
/usr/share/logwatch/scripts/shared/onlyservice
/usr/share/logwatch/scripts/shared/remove
/usr/share/logwatch/scripts/shared/removeheaders
/usr/share/logwatch/scripts/shared/removeservice
/usr/share/man/man8/logwatch.8.gz
/var/cache/logwatch

/etc/cron.daily

After successful installation, a "start" script with the name given below is located in the directory listed below:

NOTE - Logwatch can already be used at this point with its preconfigured settings!
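
Because the script in /etc/cron.daily is executed as root every day, it is worth confirming that it and the files it calls are owned by root and not writable by anyone else. The following is an added example, not part of the original page or of the Logwatch package; the function names check_path and audit_logwatch and the --audit switch are assumptions, while the paths are taken from the rpm -qil listing above.

```bash
#!/bin/bash
# Added example: audit the Logwatch files that cron runs as root.
# Paths are taken from the rpm -qil listing; function names are assumptions.

# check_path PATH [OWNER]: succeed only if PATH exists, is owned by OWNER
# (default root) and is not writable by group or others.
check_path() {
    local path=$1 owner=${2:-root} actual mode
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 1
    fi
    # GNU stat as shipped with CentOS: %U = owner name, %a = octal mode
    actual=$(stat -L -c '%U' "$path") || return 1
    mode=$(stat -L -c '%a' "$path") || return 1
    if [ "$actual" != "$owner" ]; then
        echo "OWNER     $path is owned by $actual, expected $owner"
        return 1
    fi
    # 022 masks the write bits of group and others
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $path has mode $mode"
        return 1
    fi
    echo "OK        $path ($actual, $mode)"
}

# audit_logwatch [PREFIX] [OWNER]: returns the number of failed checks.
# PREFIX allows auditing a mounted image or a test tree instead of /.
audit_logwatch() {
    local prefix=${1:-} owner=${2:-root} failed=0 p
    for p in /etc/cron.daily/0logwatch \
             /usr/sbin/logwatch \
             /usr/share/logwatch/scripts/logwatch.pl \
             /etc/logwatch/conf \
             /etc/logwatch/scripts/services
    do
        check_path "$prefix$p" "$owner" || failed=$((failed + 1))
    done
    # On the live system, also compare the files with the RPM database.
    if [ -z "$prefix" ] && command -v rpm >/dev/null 2>&1; then
        rpm -V logwatch || failed=$((failed + 1))
    fi
    return "$failed"
}

# Run the audit only when asked to: ./audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_logwatch
fi
```

rpm -V also reports configuration files that were edited on purpose, so a non-zero result after local changes under /etc/logwatch/conf needs to be read line by line rather than treated as a failure outright.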