On Debian 10 and 11 hosts the e-mail logwatch generates has section like
this:
- fail2ban-messages Begin
Banned services with Fail2Ban: Bans:Unbans
postfix-sasl: [ 3:3
Am 20.11.2023 um 21:56:02 Uhr schrieb fxkl4...@protonmail.com:
> export LOGWATCH_LOGFILE_LIST='/var/log/daemon.log '
>
> it seems my bookworm doesn't have a daemon log
Then tune syslog to create that file or let logwatch use another file
that contains the logs.
On 21/11/2023 04:56, fxkl4...@protonmail.com wrote:
it seems my bookworm doesn't have a daemon log
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#rsyslog-creates-fewer-logfiles
Chapter 5. Issues to be aware of for bookworm
5.1.9. rsyslog creates fewer log
> Looks good. Can you check logwatch for any error messages?
>
i ran
logwatch --service smartd --range Yesterday --detail high -debug 5
i see
export LOGWATCH_LOGFILE_LIST='/var/log/daemon.log '
it seems my bookworm doesn't have a daemon log
Am 20.11.2023 um 17:54:27 Uhr schrieb fxkl4...@protonmail.com:
> 2023-11-19T07:24:45.772306-06:00 honey smartd[858]: Device: /dev/sdb
> [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from
> 111 to 112
Looks good. Can you check logwatch for any error messages?
On Mon, 20 Nov 2023, Marco Moock wrote:
> Am 20.11.2023 um 15:14:51 Uhr schrieb fxkl4...@protonmail.com:
>
>> if i look in /var/log/syslog i see many entries
>
> What is the name of the entries?
>
> For me it is smartd.
>
2023-11-19T07:24:45.772306-06:00 honey smartd[858]: Device: /dev/sdb [SAT],
Am 20.11.2023 um 15:14:51 Uhr schrieb fxkl4...@protonmail.com:
> if i look in /var/log/syslog i see many entries
What is the name of the entries?
For me it is smartd.
since i upgraded to bookworm there is no smartd section in logwatch
logwatch runs every night using default settings
if i run
logwatch --service smartd --range Yesterday --detail high
i get nothing
if i look in /var/log/syslog i see many entries
Hi. I have a system in the cloud and after upgrading it to buster,
logwatch is no longer logging proftpd messages. I looked and they
seem to be in the auth.log file, doesn't logwatch search that file?
How can I get logwatch to check proftpd entries now?
Thanks in advance for any sugges
Dan Ritter writes:
> Sharon Kimble wrote:
>>
>> How can I configure logwatch to only fire off at midnight, instead of
>> its current 0738, please?
>
> If I recall correctly, logwatch is run via cron.daily, which
> means anacron does it as part of its own routine
On Tue, 10 Sep 2019 at 00:09, Jonas Smedegaard wrote:
>
> Yeah, the good old days when the system could fit on a floppy, and USB
> wasn't invented. Blissful times.
Agreed, see [1].
[1] https://en.wikipedia.org/wiki/USB_hardware#Connector_types
Quoting ghe (2019-09-09 16:02:27)
> On 9/9/19 5:47 AM, Charles Curley wrote:
>
> > Kudzuesque systemd appears to be taking over everything
>
> Remember the good old days when a *nix program did one thing and did
> it well?
Yeah, the good old days when the system could fit on a floppy, and U
On 9/9/19 5:47 AM, Charles Curley wrote:
> Kudzuesque systemd appears to be taking over everything
Remember the good old days when a *nix program did one thing and did it
well?
--
Glenn English
On Mon, 09 Sep 2019 10:01:56 +0100
Sharon Kimble wrote:
> How can I configure logwatch to only fire off at midnight, instead of
> its current 0738, please?
Kudzuesque systemd appears to be taking over everything
I want logwatch and other things to run at 04:30 or so, so here's w
Sharon Kimble wrote:
>
> How can I configure logwatch to only fire off at midnight, instead of
> its current 0738, please?
If I recall correctly, logwatch is run via cron.daily, which
means anacron does it as part of its own routine.
anacron is fired off via /etc/crontab.
You have tw
How can I configure logwatch to only fire off at midnight, instead of
its current 0738, please?
Thanks
Sharon.
--
A taste of linux = http://www.sharons.org.uk
TGmeds = http://www.tgmeds.org.uk
DrugFacts = https://www.drugfacts.org.uk
Debian 10.0, fluxbox 1.3.7, emacs 26.3, org 9.2.6
I have two problems that have been bothering me for some time, the first
for about several days, and the second for a week or two.
- This has begun appearing in my daily Logwatch output, and now using
these file managers is virtually impossible as they are so
untrustworthy. But what can I
François Patte wrote:
> Today, I get this warning from logwatch:
I am glad there was a good answer to your question. And now that
there has been one I feel okay in posting something taking this in a
different direction. I suggest that you don't try to "make a silk
purse out of a pi
François Patte wrote:
> I installed /tmp as tmpfs, is there a config file for logwatch where I
> can modify this and tell logwatch to use /var/tmp instead of /tmp?
The default value in the program can be (and is) overridden by the system
installed default configuration file logwatch.conf,
Hello,
I would like to have the logwatch resolve the IPs addresses in the report
that it sends by email.
Right now I get this:
- httpd Begin
1.75 MB transferred in 344 responses (1xx 0, 2xx 309, 3xx 6, 4xx 29, 5xx
0)
56 Images (0.07 MB
Bonjour,
Today, I get this warning from logwatch:
gzip: stdout: No space left on device
system 'zcat '/var/log/syslog.2.gz' >>
/tmp/logwatch.X_4YucXv/syslog-archive' failed: 256 at /usr/sbin/logwatch
line 774.
run-parts: /etc/cron.daily/00logwatch exited with return c
Bob Proulx grabbed a keyboard and wrote:
> David Guntner wrote:
>> Bob Proulx grabbed a keyboard and wrote:
>>> If the documented procedure isn't working then please file a bug
>>> against it.
>>
>> Where/how does one do that, exactly?
>
> [Info and "rant" removed]
Thanks for the info. Who knows,
David Guntner wrote:
> Bob Proulx grabbed a keyboard and wrote:
> > If the documented procedure isn't working then please file a bug
> > against it.
>
> Where/how does one do that, exactly?
Use the 'reportbug' tool. Start off by browsing the man page so that
you are familiar with the basic capab
Bob Proulx grabbed a keyboard and wrote:
> David Guntner wrote:
>> Bob Proulx grabbed a keyboard and wrote:
>>> It describes the new scheme and describes a /etc/logwatch/conf
>>> directory for local customizations.
>>
>> Which, as I noted, I was origina
David Guntner wrote:
> Bob Proulx grabbed a keyboard and wrote:
> > It describes the new scheme and describes a /etc/logwatch/conf
> > directory for local customizations.
>
> Which, as I noted, I was originally using and yet was being ignored for
> some reason. Maybe th
Bob Proulx grabbed a keyboard and wrote:
> David Guntner wrote:
>> Ok, upon further searching around, I think I found the problem. It
>> looks like the config file location for the program moved somewhere
>> along the way. It's no longer using /etc/logwatch (I *thought
David Guntner wrote:
> Ok, upon further searching around, I think I found the problem. It
> looks like the config file location for the program moved somewhere
> along the way. It's no longer using /etc/logwatch (I *thought* that
> directory seemed kinda empty other than my lone
[Following up to myself]
David Guntner grabbed a keyboard and wrote:
> Since upgrading to Wheezy, I've had the following entries showing up in
> my morning logwatch E-Mail:
>
>> - Dovecot Begin
>>
>> Dovecot disconnec
Since upgrading to Wheezy, I've had the following entries showing up in
my morning logwatch E-Mail:
> - Dovecot Begin
>
> Dovecot disconnects:
> Inactivity: 27 Time(s)
> Inactivity (tried to use disallowed plain
On Mon, 30 Apr 2012 00:12:43 +0200, Maarten Derickx wrote:
> 2012/4/29 Maarten Derickx
>
>
>> A closer inspection of the logfiles I cared about revealed that there
>> where also related errors. I made a patch with all the changes and
>> posted it at http://pastebin.com/6vALKDYN . What is the pr
2012/4/29 Maarten Derickx
>
> A closer inspection of the logfiles I cared about revealed that there where
> also related errors. I made a patch with all the changes and posted it at
> http://pastebin.com/6vALKDYN . What is the procedure for getting these fixes
> in debian?
>
>
> Thanks,
> Maar
Maarten Derickx wrote:
> A closer inspection of the logfiles I cared about revealed that there
> where also related errors. I made a patch with all the changes and
> posted it at http://pastebin.com/6vALKDYN . What is the procedure for
> getting these fixes in debian?
Report it as a bug. Using 'r
he file in
/usr/share/logwatch/default.conf/logfiles/secure.conf
There was a rule wich said:
Archive = authlog.*
But this line should read:
Archive = auth.log.*
A closer inspection of the logfiles I cared about revealed that there
where also related errors. I made a patch with all the changes
On Sun, 29 Apr 2012 14:39:08 +0200, Maarten Derickx wrote:
(...)
→ About the problem of analyzing from the archive
> The strange thing is that when I do:
>
> logwatch --service sshd --archives
>
> I get only 3 logins 2 from "mderickx" and 1 from "sag
Dear All,
I'm using debian 6.0.4 and recently I ran into trouble using logwatch. I
have installed logwatch using apt-get and the only change I made to the
config related to logwatch is:
--- /dev/null
+++ b/logwatch/conf/logwatch.conf
@@ -0,0 +1 @@
+Range = since -7 days
and I setup a cronj
Hi
I have several simple questions regarding Logwatch reporting on Postfix
logs with Mailman involved, too.
(1) How does Logwatch work? Suppose an attacker manages to break into
the machine and deletes/changes parts of the logs. Will Logwatch get
tricked by this or not?
I guess Logwatch is just
Hi,
Does anyone know any good introductory guides to using logwatch, with
emphasis on intrusion catching?
Thanks,
James
Joe Mc Cool wrote:
>Please,
>
>logwatch is reporting:
>
>
>
>> - IMAP Begin
>>
>>
>>[IMAPd] Connections:
>>=
>>
Please,
logwatch is reporting:
> - IMAP Begin
>
>
> [IMAPd] Connections:
> =
> Host | Connections |
Hello,
I am running an almost pure sarge system with logwatch 5.2.2-5 and
postfix 2.2.4-1.0.1. All is well, except for the fact that logwatch
produces a bit too much output for my taste in the postfix section.
Specifically, all the statistics that Anvil prints are added to the
report as unmatched
Hi,
I am running a few debian machines with logcheck installed and its
working fine. I also maintain a couple of redhat machines and I stumbled
across logwatch and the reports from logwatch seem to be a lot more
intelligible for a non-techie user.
Anybody here have any opinions on logcheck vs
[20030618] Bob Proulx ([EMAIL PROTECTED]) wrote:
> Whither logwatch?
>
> In the past on RH systems I have used logwatch to summarize
> interesting logfile events and mail them to the admin. Recently I
> have not used anything. Just yesterday a friend, that I have
> convi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Jun 18, 2003 at 09:38:41AM -0600, Bob Proulx wrote:
> In the past on RH systems I have used logwatch to summarize
> interesting logfile events and mail them to the admin. Recently I
apt-get install logcheck ?
- --
.''`.
Whither logwatch?
In the past on RH systems I have used logwatch to summarize
interesting logfile events and mail them to the admin. Recently I
have not used anything. Just yesterday a friend, that I have
convinced to try Debian, asked about logwatch. I would like to give
him a good answer
Michael Wagner <[EMAIL PROTECTED]> writes:
> On Dienstag, 11. Dez. 2001 at 23:31:59, Josef Oswald wrote:
>
>>I have one more question though:
>>
>>I would like to move part of my Debian-Linux onto another HDD, I got 3
>>Disks on my system, ( and one more Linux-Installation which I could
>>use to t
On Dienstag, 11. Dez. 2001 at 23:31:59, Josef Oswald wrote:
>I have one more question though:
>
>I would like to move part of my Debian-Linux onto another HDD, I got 3
>Disks on my system, ( and one more Linux-Installation which I could
>use to transfer Debian) is there somewhere a How-to or other
Hi:-)
Dave Sherohman <[EMAIL PROTECTED]> writes:
> On Tue, Dec 11, 2001 at 09:53:03AM -0800, ben wrote:
> > On Tuesday 11 December 2001 07:46 am, Dave Sherohman wrote:
>> [snip]
>> > (And, as a side note, Debian's default MTA is exim, not postfix.)
Sorry:-)
I did not start with a plain Debian
On Tue, 11 Dec 2001, ben wrote:
> are you sure about this? i would expect that any default application would be
> part of the default installation--yet, despite numerous installations and
> upgrades, i have yet to see that exim installed as default and postfix didn't.
Yeah, exim is the default MT
On Tue, Dec 11, 2001 at 09:53:03AM -0800, ben wrote:
> On Tuesday 11 December 2001 07:46 am, Dave Sherohman wrote:
> [snip]
> > (And, as a side note, Debian's default MTA is exim, not postfix.)
>
> are you sure about this? i would expect that any default application would be
> part of the default
On Tuesday 11 December 2001 07:46 am, Dave Sherohman wrote:
[snip]
> (And, as a side note, Debian's default MTA is exim, not postfix.)
are you sure about this? i would expect that any default application would be
part of the default installation--yet, despite numerous installations and
upgrades,
e
essential to the system's operation belong in /bin. So, where is it?
$ which mail
/usr/bin/mail
Or, alternately, you could just not worry about logwatch.pl and
install the logcheck package instead. I've never used logwatch, but
I'm quite pleased with logcheck.
(And, as a side
Hi:-)
On my RPM-based box I used a tool called Logwatch I got from
ftp://ftp:kaybee.org/pub/linux
now under Debian ( really me just being a newbie to linux) I don't
know how to install it
I used # perl logwatch.pl but prints a error:
sh /bin/mail file not found, could it be
52 matches
Mail list logo
