Logwatch
Czyli jak ujarzmić logi systemowe i aplikacyjne
Gerard Stańczak
Software Freedom Day 2013 Łódź
O problemie
- Wiele usług, o roznym formacie i strukturze logów
- Wiele hostów, brak centralizacji
- Nadmiar niepotrzebnych informacji
- Brak statystyk użycia
Logwatch
- Wysoce konfigurowalny analizator logów
-
Program parsujący logi i generujacy raporty
- Sito dla istotnych powiadomień
- Kolekcja skryptów perlowych "grepujących" logi aplikacji
apt-get install logwatch
yum install logwatch
manual - mkdir/cp
logwatch --print
logwatch
/root/.forward
/etc/aliases
/etc/logwatch/conf/logwatch.conf
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sun Feb 10 03:47:03 2013
Date Range Processed: yesterday
( 2013-Feb-09 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: bocian
##################################################################
--------------------- Sudo (secure-log) Begin ------------------------ ======================================================================== adam => root ------------ /bin/su - 1 Times. ======================================================================== gstan => root ------------- /bin/su - 7 Times. ---------------------- Sudo (secure-log) End -------------------------
--------------------- Postfix Begin ------------------------
867 Miscellaneous warnings
443.753K Bytes accepted 454,403
453.104K Bytes delivered 463,979
======== ================================================
390 Accepted 100.00%
-------- ------------------------------------------------
390 Total 100.00%
======== ================================================
99 Connections made
99 Disconnections
390 Removed from queue
289 Delivered
102 Sent via SMTP
1 Forwarded
---------------------- Postfix End -------------------------
--------------------- vsftpd-messages Begin ------------------------
User FTP Logins:
(91.193.161.121): qcloud - 1 Time(s)
Failed FTP Logins:
(66.249.66.197): anonymous - 2 Time(s)
(119.129.118.47): anonymous - 1 Time(s)
Incoming FTP Files:
/o-nas-duze.png <- 91.193.161.121 (User: qcloud)
TOTAL KB IN: 288KB (0MB)
**Unmatched Entries**
Fri Sep 20 12:46:46 2013 [pid 2451] [qcloud] DEBUG: Client "91.193.161.121", "Connection terminated without SSL shutdown - buggy client?"
---------------------- vsftpd-messages End -------------------------
/usr/share/logwatch/
- scripts/
- services/
- conf/
- logfiles/
- services/
- logwatch.conf
-
/etc/logwatch/
- scripts/
- services/
- conf/
- logfiles/
- services/
- ignore.conf
- logwatch.conf
W praktyce
Demo
Zalety
|
Wady
|
Pytania?
gerard.stanczak@osworld.pl
Logwatch Czyli jak ujarzmić logi systemowe i aplikacyjne Gerard Stańczak Software Freedom Day 2013 Łódź
Logwatch
By Gerard
Logwatch
- 1,079
