Install logwatch and receive a daily summary of the logs by e-mail.

OS

# uname -a
FreeBSD www.server-bff.net 12.3-RELEASE FreeBSD 12.3-RELEASE r371126 GENERIC  amd64

 

Running services

# httpd -v
Server version: Apache/2.4.53 (FreeBSD)
# named -v
BIND 9.16.27 (Extended Support Version) <id:96094c5>

 

Installing logwatch

# pkg install logwatch-7.5.1
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        logwatch: 7.5.1

Number of packages to be installed: 1

The process will require 2 MiB more space.
298 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching logwatch-7.5.1.pkg: 100%  298 KiB 305.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing logwatch-7.5.1...
[1/1] Extracting logwatch-7.5.1: 100%

 

The configuration file is here:

/usr/local/etc/logwatch/defaults/logwatch.conf

 

Excerpt of the settings in logwatch.conf

########################################################
# This was written and is maintained by:
#    Kirk Bauer <[e-mail address hidden]>
#
# Please send all comments, suggestions, bug reports,
#    etc, to [e-mail address hidden].
#
########################################################

# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /usr/local/var/logwatch

#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
Output = stdout
#To make Html the default formatting Format = html
Format = text
#To make Base64 [aka uuencode] Encode = base64
Encode = none

# Input Encoding
# Logwatch assumes that the input is in UTF-8 encoding.  Defining CharEncoding
# will use iconv to convert text to the UTF-8 encoding.  Set CharEncoding
# to an empty string to use the default current locale.  If set to a valid
# encoding, the input characters are converted to UTF-8, discarding any
# illegal characters.  Valid encodings are as used by the iconv program,
# and `iconv -l` lists valid character set encodings.
# Setting CharEncoding to UTF-8 simply discards illegal UTF-8 characters.
#CharEncoding = ""

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = [e-mail address hidden]  # ← set the address the report is mailed to

# When using option --multiemail, it is possible to specify a different
# email recipient per host processed.  For example, to send the report
# for hostname host1 to [e-mail address hidden], use:
#Mailto_host1 = [e-mail address hidden]
# Multiple recipients can be specified by separating them with a space.

# Default person to mail reports from.  Can be a local account or a
# complete email address.
MailFrom = Logwatch

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = High
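
The comments in the excerpt above define the file format (name = value, names case-insensitive, surrounding whitespace dropped, comments to end of line) and note that mail is only sent when Output is mail or --output mail is passed. The following is an added example, not part of logwatch or of the original post, that reads a file under those rules and reports the settings worth checking before relying on the cron mail; the function names lw_get, lw_detail and lw_mail_findings are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of logwatch: read settings from a logwatch.conf-style
# file using the rules stated in the file's own comments.

# lw_get FILE NAME: print the value assigned to NAME (names are case-insensitive).
# Assumption: if NAME appears more than once, the later line is kept.
lw_get() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                      # a comment runs to end of line
            eq = index($0, "=")
            if (eq == 0) next                   # not a "name = value" line
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # trim whitespace around name
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim whitespace around value
            if (tolower(name) == want) last = val
        }
        END { print last }' "$1"
}

# lw_detail FILE: print Detail as a number (Low=0, Med=5, High=10).
lw_detail() {
    d=$(lw_get "$1" Detail | tr 'A-Z' 'a-z')
    case "$d" in
        low)  echo 0 ;;
        med)  echo 5 ;;
        high) echo 10 ;;
        ''|*[!0-9]*) echo invalid ;;
        *)    echo "$d" ;;
    esac
}

# lw_mail_findings FILE: print one line per setting to check before relying on cron mail.
lw_mail_findings() {
    out=$(lw_get "$1" Output | tr 'A-Z' 'a-z')
    [ "$out" = mail ] || echo "Output=$out: pass --output mail on the cron line"
    [ -n "$(lw_get "$1" MailTo)" ] || echo "MailTo is empty"
}

# Constructed sample in the style of the excerpt; MailTo is left empty on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  output = STDOUT      # padding and mixed case are accepted
MailTo =               # left empty on purpose
DETAIL=High
EOF
lw_mail_findings "$sample"; echo "detail=$(lw_detail "$sample")"
```

To check the installed file, call the same functions with /usr/local/etc/logwatch/defaults/logwatch.conf as the argument.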

 

Scheduling the periodic run with cron

# vi /etc/crontab
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: releng/12.3/usr.sbin/cron/cron/crontab 338497 2018-09-06 14:55:54Z brd $
#
0       5       *       *       *       root    /usr/local/sbin/logwatch.pl  --output mail

 

Every morning at 5:00, the log summary arrives by e-mail.
It looks like this:

Subject: Logwatch for www.server-bff.net (FreeBSD)
Body:
################### Logwatch 7.5.1 (01/22/19) #################### 
        Processing Initiated: Sun Jun  5 05:00:02 2022
        Date Range Processed: yesterday
                              ( 2022-Jun-04 )
                              Period is day.
        Detail Level of Output: 10
        Type of Output/Format: mail / text
        Logfiles for Host: www.server-bff.net
 ################################################################## 
 --------------------- Cron Begin ------------------------ 

 Commands Run:
    User operator:*****************
 
 ---------------------- Cron End ------------------------- 
 --------------------- Kernel Begin ------------------------ 

 5 Time(s): arp: 192.168.XXX.XXX moved from XXXXXXX on vtnet0
 
 ---------------------- Kernel End ------------------------- 
 --------------------- Named Begin ------------------------ 

 **Unmatched Entries**
    DNS format error from XXX.XXX.XXX.XXX#53 resolving XXXX.com/AAAA for <unknown>: XXXX (SOA) not subdomain of zone XXX.com -- invalid response: 5 Time(s)
 ---------------------- Named End ------------------------- 
 --------------------- SpamAssassin Begin ------------------------ 

 
 **Unmatched Entries**
    XXXXXX failed: 1: 3 Time(s)
 
 ---------------------- SpamAssassin End ------------------------- 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size    Used   Avail Capacity  Mounted on
 /dev/vtbd0p2    XXXG    XXG    XXXG     X%    /
 devfs           XXK    XXK      XB   XX%    /dev
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

That's all.