Différences

Ci-dessous, les différences entre deux révisions de la page.

--- logwatch [2020/11/05 19:42] – créée pascal
+++ logwatch [2023/07/04 10:55] (Version actuelle) – modification externe 127.0.0.1
@@ Ligne 1: / Ligne 1: @@
-====== Network Time Protocol Daemon (ntpd) ======
+====== Surveillance des log (logwatch) ======
 ===== Présentation =====
-ntpd est un daemon qui permet de garder sa machine à l'heure en se synchronisant sur des serveurs de temps. A noté que les machines virtuelles n'ont pas besoin de se synchroniser puisqu'elles utilisent l'horloge de leur hôte.
+logwatch est un logiciel qui permet de recevoir par mail des informations sur le serveur. Ces informations sont issues de l'analyse des log.
 ===== Installation =====
 <code>
-root@mazarini:~# apt-get install ntp
+root@mazarini:~# apt-get install logwatch
 </code>
-===== Configuration /etc/ntp.conf =====
+===== Configuration =====
-==== Configuration initiale ====
+==== /var/cache/logwatch ====
+Création du répertoire s'il n'existe pas.
 <file>
-# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+root@mazarini:~# sudo mkdir -p /var/cache/logwatch
+root@mazarini:~# ls -l /var/cache/logwatch
+total 0
+root@mazarini:~#
+</file>
+==== /etc/logwatch/conf/logwatch.conf ====
+Copier le fichier /usr/share/logwatch/default.conf/logwatch.conf comme exemple pour débuter la configuration.
+=== Configuration initiale ===
+<file>
+########################################################
+# This was written and is maintained by:
+#    Kirk Bauer <kirk@kaybee.org>
+#
+# Please send all comments, suggestions, bug reports,
+#    etc, to kirk@kaybee.org.
+#
+########################################################
-driftfile /var/lib/ntp/ntp.drift
+# NOTE:
+#   All these options are the defaults if you run logwatch with no
+#   command-line arguments.  You can override all of these on the
+#   command-line.
+# You can put comments anywhere you want to.  They are effective for the
+# rest of the line.
-# Enable this if you want statistics to be logged.
+# this is in the format of <name> = <value>.  Whitespace at the beginning
-#statsdir /var/log/ntpstats/
+# and end of the lines is removed.  Whitespace before and after the = sign
+# is removed.  Everything is case *insensitive*.
-statistics loopstats peerstats clockstats
+# Yes = True  = On  = 1
-filegen loopstats file loopstats type day enable
+# No  = False = Off = 0
-filegen peerstats file peerstats type day enable
-filegen clockstats file clockstats type day enable
+# You can override the default temp directory (/tmp) here
+TmpDir = /var/cache/logwatch
-# You do need to talk to an NTP server or two (or three).
+#Output/Format Options
-#server ntp.your-provider.example
+#By default Logwatch will print to stdout in text with no encoding.
+#To make email Default set Output = mail to save to file set Output = file
+Output = stdout
+#To make Html the default formatting Format = html
+Format = text
+#To make Base64 [aka uuencode] Encode = base64
+Encode = none
-# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# Input Encoding
-# pick a different set every time it starts up.  Please consider joining the
+# Logwatch assumes that the input is in UTF-8 encoding.  Defining CharEncoding
-# pool: <http://www.pool.ntp.org/join.html>
+# will use iconv to convert text to the UTF-8 encoding.  Set CharEncoding
-server 0.debian.pool.ntp.org iburst
+# to an empty string to use the default current locale.  If set to a valid
-server 1.debian.pool.ntp.org iburst
+# encoding, the input characters are converted to UTF-8, discarding any
-server 2.debian.pool.ntp.org iburst
+# illegal characters.  Valid encodings are as used by the iconv program,
-server 3.debian.pool.ntp.org iburst
+# and `iconv -l` lists valid character set encodings.
+# Setting CharEncoding to UTF-8 simply discards illegal UTF-8 characters.
+#CharEncoding = ""
+# Default person to mail reports to.  Can be a local account or a
+# complete email address.  Variable Output should be set to mail, or
+# --output mail should be passed on command line to enable mail feature.
+MailTo = root
+# WHen using option --multiemail, it is possible to specify a different
+# email recipient per host processed.  For example, to send the report
+# for hostname host1 to user@example.com, use:
+#Mailto_host1 = user@example.com
+# Multiple recipients can be specified by separating them with a space.
-# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# Default person to mail reports from.  Can be a local account or a
-# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# complete email address.
-# might also be helpful.
+MailFrom = Logwatch
-#
-# Note that "restrict" applies to both servers and clients, so a configuration
-# that might be intended to block requests from certain clients could also end
-# up blocking replies from your own upstream servers.
-# By default, exchange time with everybody, but don't allow configuration.
+# if set, the results will be saved in <filename> instead of mailed
-restrict -4 default kod notrap nomodify nopeer noquery
+# or displayed. Be sure to set Output = file also.
-restrict -6 default kod notrap nomodify nopeer noquery
+#Filename = /tmp/logwatch
-# Local users may interrogate the ntp server more closely.
+# Use archives?  If set to 'Yes', the archives of logfiles
-restrict 127.0.0.1
+# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
-restrict ::1
+# be searched in addition to the /var/log/messages file.
+# This usually will not do much if your range is set to just
+# 'Yesterday' or 'Today'... it is probably best used with Range = All
+# By default this is now set to Yes. To turn off Archives uncomment this.
+#Archives = No
-# Clients from this (example!) subnet have unlimited access, but only if
+# The default time range for the report...
-# cryptographically authenticated.
+# The current choices are All, Today, Yesterday
-#restrict 192.168.123.0 mask 255.255.255.0 notrust
+Range = yesterday
+# The default detail level for the report.
+# This can either be Low, Med, High or a number.
+# Low = 0
+# Med = 5
+# High = 10
+Detail = Low
-# If you want to provide time to your local subnet, change the next line.
-# (Again, the address is an example only.)
-#broadcast 192.168.123.255
-# If you want to listen to time broadcasts on your local subnet, de-comment the
+# The 'Service' option expects either the name of a filter
-# next lines.  Please do this only if you trust everybody on the network!
+# (in /usr/share/logwatch/scripts/services/*) or 'All'.
-#disable auth
+# The default service(s) to report on.  This should be left as All for
-#broadcastclient
+# most people.
-</file>
+Service = All
-==== Choisir son serveur de référence ====
+# You can also disable certain services (when specifying all)
-<file>
+Service = "-zz-network"     # Prevents execution of zz-network service, which
-# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+                            # prints useful network configuration info.
-# pick a different set every time it starts up.  Please consider joining the
+Service = "-zz-sys"         # Prevents execution of zz-sys service, which
-# pool: <http://www.pool.ntp.org/join.html>
+                            # prints useful system configuration info.
-server 0.fr.pool.ntp.org iburst dynamic
+Service = "-eximstats"      # Prevents execution of eximstats service, which
-server 1.fr.pool.ntp.org iburst dynamic
+                            # is a wrapper for the eximstats program.
-server 2.fr.pool.ntp.org iburst dynamic
+# If you only cared about FTP messages, you could use these 2 lines
-server 3.fr.pool.ntp.org iburst dynamic
+# instead of the above:
-server ntp.online.net    iburst dynamic
+#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
-</file>
+#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
-Il faut choisir des **serveurs proche de chez soi**. Souvent, ce ne sont pas des machines mais des pools de machines qui tournent.
+# Maybe you only wanted reports on PAM messages, then you would use:
+#Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
+#Service = pam             # General PAM messages... usually not many
-J'ai choisi de prendre les serveurs ntp de mon hébergeur et les 4 pools français. Il y a des pools définis par zone géographique.
+# You can also choose to use the 'LogFile' option.  This will cause
+# logwatch to only analyze that one logfile.. for example:
+#LogFile = messages
+# will process /var/log/messages.  This will run all the filters that
+# process that logfile.  This option is probably not too useful to
+# most people.  Setting 'Service' to 'All' above analyzes all LogFiles
+# anyways...
-La machine ntp.online.net correspond à un pool de machines.
+#
+# By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
+# The mailer code prints a header with To: From: and Subject:.
+# At this point you can change the mailer to anything that can handle this output
+# stream.
+# TODO test variables in the mailer string to see if the To/From/Subject can be set
+# From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
+mailer = "/usr/sbin/sendmail -t"
-iburst : interroger les serveurs plusieurs fois en cas de non réponse
+#
+# With this option set to a comma separated list of hostnames, only log entries
+# for these particular hosts will be processed.  This can allow a log host to
+# process only its own logs, or Logwatch can be run once per a set of hosts
+# included in the logfiles.
+# Example: HostLimit = hosta,hostb,myhost
+#
+# The default is to report on all log entries, regardless of its source host.
+# Note that some logfiles do not include host information and will not be
+# influenced by this setting.
+#
+#HostLimit = myhost
-dynamic : ne pas black-lister les serveurs indisponible
+# Default Log Directory
+# All log-files are assumed to be given relative to the LogDir directory.
+# Multiple LogDir statements are possible.  Additional configuration variables
+# to set particular directories follow, so LogDir need not be set.
+#LogDir = /var/log
+#
+# By default /var/adm is searched after LogDir.
+#AppendVarAdmToLogDirs = 1
+#
+# By default /var/log is to be searched after LogDir and /var/adm/ .
+#AppendVarLogToLogDirs = 1
+#
+# The current working directory can be searched after the above.  Not set by
+# default.
+#AppendCWDToLogDirs = 0
+</file>
+=== Modifications ===
+<file>
+Output = mail						      |	Output = stdout
+MailFrom = root						      |	MailFrom = Logwatch
+</file>
 ===== Commandes =====
-==== Gestion du daemon ====
+==== Test de logwatch ====
 <code>
-root@mazarini:~# /etc/init.d/ntp stop
+root@mazarini:~# /usr/sbin/logwatch --output mail
-root@mazarini:~# /etc/init.d/ntp start
+root@mazarini:~#
-root@mazarini:~# /etc/init.d/ntp restart
-</code>
-==== Interrogation ====
-<code>
-# ntpq -p
-     remote           refid      st t when poll reach   delay   offset  jitter
-==============================================================================
- gw-01.darksky.i 213.251.128.249  2 u   48   64    1    4.463    2.915   0.000
- ns0.luns.net.uk 158.43.192.66    2 u   47   64    1   22.373   -0.584   0.000
--210-28-176.r 84.255.209.79    4 u   46   64    1    0.452   -0.475   0.000
- ntp-2.arkena.ne 193.190.230.65   2 u   45   64    1    0.916    0.336   0.000
- ntp1.online.net 145.238.203.14   2 u   44   64    1    0.293    2.246   0.000
-#
 </code>
+Commande trouvée dans /etc/cron.daily/00logwatch
 ===== Références =====
-  * Choix du pool de serveurs
-    * [[http://documentation.online.net/fr/serveur-dedie/reseau/information-parametres-reseau-dedibox#serveurs_ntp|Documentation online.net]]
-    * [[http://www.pool.ntp.org/fr/|NTP pool project]]