logwatch-7.4.0+svn20130529rev144/HOWTO-Customize-LogWatch

HOWTO-Customize-LogWatch
================================================================================

1. Table of Contents
====================

   1. Table of Contents
   2. Introduction
   3. Directory Structure
      A. Configuration Structure
      B. Executable Structure
   4. Customizing the Configuration
   5. Customizing the Scripts
   6. Creating New Service Filters
      A. Logfile Groups
      B. Service Filter Configuration
      C. Service Filter Executable
      D. Shared Script Commands
   7. For More Information

This document describes the structure of the Logwatch files in the
distribution, how to modify the configuration files for your system,
and how to create new service filters.

2. Introduction
===============

Logwatch is a system log analyzer and reporter.  Usage information
about Logwatch can be obtained through the man page:

   man logwatch

The section titled "MORE INFORMATION" in the man page lists additional
documentation files available with the distribution.

A summary of the command-line switches described in the man page can be
obtained with the '--help' option:

   logwatch --help

The rest of this document is intended for those that wish to customize
or enhance Logwatch beyond the capabilities provided with the
command-line switches.

3. Directory Structure
======================

This section describes the subdirectories and files shipped with the
Logwatch distribution, using the names and locations used by default.

The directory /usr/share/logwatch contains both the configuration and
(perl) executable files.
The contents of this directory are the following subdirectories:

   default.conf: Contains the default configuration files shipped with
                 the Logwatch distribution.

   dist.conf: Contains the configuration files shipped with your
              specific operating system distribution.

   lib: Contains perl library files.

   scripts: Contains the perl executables.

The /etc/logwatch directory contains the following subdirectories:

   conf: Contains the configuration files specific to the system.

   scripts: Contains the executable scripts specific to the system.

A. Configuration Structure
--------------------------

The contents of the three directories /usr/share/logwatch/default.conf,
/usr/share/logwatch/dist.conf, and /etc/logwatch/conf, all have the
same structure:

   services: This subdirectory contains the configuration files
             specific to each service.  Logwatch determines which
             services are available by examining the contents of this
             directory.  Each service configuration file is named by
             its service name with the ".conf" suffix.

   logfiles: This subdirectory contains the logfile group configuration
             files.  Each logfile group configuration file contains
             information about one or more log files with the same
             format.  Several services may use the same logfile group
             configuration file.  Each of these configuration files is
             named by the group name with the ".conf" suffix.  Many of
             the group names are taken from the name of a system log
             file (such as messages, maillog, secure, etc.), but not
             always.

   logwatch.conf: This file contains the defaults for the overall
                  execution of Logwatch, and affects all of its
                  services.  Many of its parameters can be overridden
                  by command-line switches when invoking the Logwatch
                  executable, as described in the man page for
                  Logwatch.

   ignore.conf: This file specifies regular expressions that, when
                matched by the output of logwatch, will suppress the
                matching line, regardless of which service is being
                executed.

The /etc/logwatch/conf directory may also contain the file
'override.conf', which is described in section 4, "Customizing the
Configuration."

B. Executable Structure
-----------------------

The contents of the two directories /usr/share/logwatch/scripts and
/etc/logwatch/scripts have the same structure:

   services: This subdirectory contains the executable for each
             service.  Unless otherwise specified in the configuration
             service file (see above), the executables are written in
             the perl language.

   shared: This subdirectory contains executables that may be invoked
           by more than one configuration service file.

   logfiles: This subdirectory may contain subdirectories with logfile
             group names.  The executables under each of these
             subdirectories are automatically invoked when running a
             service that uses the corresponding logfile group name.

4. Customizing the Configuration
================================

Logwatch can be, and has been, used on many variants of Linux and UNIX
systems.  Some distributions that include Logwatch modify the default
configuration to comply with the settings of said distributions.
Therefore, most people will not need to make any modifications to
Logwatch.

However, Logwatch, starting with version 7.0, implements a mechanism
that makes modifying the local system easier.  These modifications may
be needed either because the configuration of the service that writes
to the system log has been altered from its default, or because the
Logwatch user prefers what is reported or how it is reported by
Logwatch to be different.

You can customize the output of logwatch by modifying variables in the
/etc/logwatch/conf directory.

Default values are specified in the /usr/share/logwatch/default.conf
directory.  Your distribution may have set additional defaults in the
/usr/share/logwatch/dist.conf directory.  All the variables available
are declared in the files under these directories.  You can change the
default values to modify how or what is displayed with logwatch.

One variable available to all services, and which by default is not
specified, is the 'Detail' variable (note that it is not preceded by
a '$' symbol).  Specifying a Detail value will override the global
Detail level, for that service only.

There are two mechanisms for customizing the variables:

1. The /etc/logwatch/conf directory is first searched for files with
   the same name and relative location as the
   /usr/share/logwatch/default.conf directory.  Variables declared in
   these files override the defaults.  For example, if file
   /etc/logwatch/conf/services/sendmail.conf has the single entry:

      $sendmail_unknownusersthreshold = 5

   then the threshold for unknown users is set to five instead of the
   default of one.  All other parameters are not modified.

   The configuration files have four different types of declarations,
   determined by the first character in each line:

      '#': Rest of line is a comment, and is ignored.
      '$': Rest of first field is a variable
      '*': Denotes the name of an executable script
      Other than blank lines, the only other declarations are reserved
      variable names, such as LogFile, Archive, etc.

   In general, setting a variable overrides any value previously set.
   However, the following variables are cumulative:

      - In logwatch.conf: LogFile, Service
      - In services/service_name.conf: LogFile
      - In logfiles/service_name.conf: LogFile, Archive

   To remove all previous declarations of that variable, set the
   variable to the empty string.  Duplicate values in the cumulative
   variables are deleted.

   If an executable script is declared in an /etc/logwatch/conf file,
   all of the executable script declarations in the corresponding file
   in /usr/share/logwatch/default.conf or /usr/share/logwatch/dist.conf
   are ignored.

   Because of the way variables and executable scripts are declared,
   the files in /etc/logwatch/conf/ can be created in one of two ways:

      - you can create a file with only the modified variables (and
        new executable script declarations, if needed), as described
        above, or

      - you can copy an entire configuration file from
        /usr/share/logwatch/default.conf to its corresponding location
        in /etc/logwatch/conf, and then modify those lines that
        require it.  Because duplicates are removed from cumulative
        variables, and new executable script groups override the old
        ones, the output should be correct.

2. The /etc/logwatch/conf/override.conf file is then searched.  The
   first field in each line may be one of the following:

      #
         This character indicates that the rest of the line is a
         comment, and is ignored.

      logwatch:
         This string indicates that the rest of the line is a global
         configuration option, and uses the same syntax as the
         /usr/share/logwatch/default.conf/logwatch.conf file.

      services/service_name:
         (Where service_name is the name of a service.)  This string
         indicates that the rest of the line is a configuration option
         for the specified service, and uses the same syntax as the
         /usr/share/logwatch/default.conf/services files.

      logfiles/service_name:
         (Where service_name is the name of a service.)  This string
         indicates that the rest of the line is a configuration option
         for the specified service, and uses the same syntax as the
         /usr/share/logwatch/default.conf/logfiles files.

   For example, if the file /etc/logwatch/conf/override.conf has the
   single entry:

      logwatch: Detail = High

   then the default detail level for all services will be set to High.

   And, in file override.conf, the following declaration:

      logfiles/messages: LogFile = syslog

   will analyze the syslog file (in addition to the default messages
   file) for certain services.

   But the following two declarations combined:

      logfiles/messages: LogFile =
      logfiles/messages: LogFile = syslog

   will cause the messages file to be ignored for those same services,
   and only the syslog file will be used.

5. Customizing the Scripts
==========================

Similarly to the way you can customize the configuration, as specified
in section 4, you can override the default executable scripts.  This is
accomplished by placing an executable file with the same name and
relative path (with respect to /usr/share/logwatch/scripts) under the
/etc/logwatch/scripts directory.  If such a file is found in the
/etc/logwatch/scripts directory, the corresponding file under
/usr/share/logwatch/scripts will be ignored.

6. Creating New Service Filters
===============================

New services may be created by creating new configuration and
executable files, described above, and placing them in the
/etc/logwatch directory.  This section provides additional details and
examples for creating new service filters, but it might be easier to
base the new files on the existing configuration and script files
under the /usr/share/logwatch directory.

A. Logfile Groups
-----------------

There is only one required line in the logfile group config file.
This command is called 'LogFile'.

   # This will be the logfile named 'messages' in the default logfile
   # directory (probably /var/log).
   LogFile = messages

   # You can also give this command with an absolute path, like this:
   LogFile = /var/log/messages

You can have as many LogFile entries as you wish.  All the files
specified will be merged into one input stream for any filters that
use this logfile group.  You can also use standard wildcards when you
specify the filename.

Another command that is optional is called 'Archive'.  You can specify
a file to also include in the data stream if the '--archives' option
is used.  If these files do not exist it is okay.
For example:

   # These 2 'Archive' entries will allow users of most Red Hat Linux
   # systems to access their archives of the 'messages' logfile:
   Archive = messages.?
   # If they configure Compression to be on in /etc/logrotate.conf:
   Archive = messages.?.gz
   # It is best just to include both of these so that the logfile group
   # will work for most systems.

Now, the general theory is that the LogFile Group should apply the
date range requested.  If the logfile is in the standard syslog
format, you can use the shared script 'ApplyStdDate' to filter out
only the appropriate log entries.  The way to call shared scripts
(located under /usr/share/logwatch/scripts/shared) is:

   *ApplyStdDate =

Anything following the equal sign will be passed to the program as
arguments (the equal sign can be eliminated if no arguments are
needed).  You should look at the current logfile group config files
for examples.

Finally, if the directory /usr/share/logwatch/scripts/logfiles//
exists, any scripts in that directory will be executed.  All of these
scripts take the contents of all the specified logfiles in through
STDIN and output the modified logfile through STDOUT.

B. Service Filter Configuration File
------------------------------------

Once you have defined one or more logfile groups (or decided on one or
more existing logfile groups), you need to define your service filter.

This file needs to be in /etc/logwatch/conf/services/ and it needs to
be named service_name.conf, where service_name is the name of the
service.  You should probably copy an existing config for another
service to create a new one.

There is only one required line.  This is the command 'LogFile'.  The
LogFile command allows you to specify one or more *LogFile Groups* (as
described above) that this filter will process.  Remember, any filter
can process any number of LogFile Groups, and any LogFile Group may
contain the data from any number of logfiles (and archives).

For a service filter that needs messages from /var/log/messages you
would add this line:

   LogFile = messages

NOTE:  This is *not* because the name of the logfile is 'messages',
but it is because the name of the LogFile Group that has been defined
is 'messages'.

You can have commands in the form of:

   *SharedScriptName = Arguments

that will execute a script found in the
/usr/share/logwatch/scripts/shared/ directory named 'SharedScriptName'
with arguments 'Arguments'.  This filter will modify the input to the
service's filter.

You can also have commands in the form:

   $EnvironmentVariable = Value

This command will set the 'EnvironmentVariable' environment variable
to the value 'Value'.  This environment variable will be accessible by
your filter program.

You will also usually want to specify a title for your script (new in
Logwatch 4.0).  If specified, then a start and stop delimiter will be
added by Logwatch for your specific service (with your script's output
between those delimiters).  This will *only* happen if you produce
output.  If you produce no output, the headers will not be created.
Here is how you define your title:

   Title = "My Service Title"

C. Service Filter Executable
----------------------------

Once everything above has been done, you are ready to actually write
your filter.  This can be done in any language as all it does is:

   1) Read logfile entries from STDIN
   2) Access some environment variables
   3) Generate a report on STDOUT

Before you try to write a filter, you should create the filter and
make its contents the test script given below.  The filter needs to be
located in /etc/logwatch/scripts/services/ and named service_name
(because you named the config file service_name.conf).

###################### Cut Here #########################
#!/bin/bash
# This is a nice script that will show you the lines you will
# be processing and reporting on.
# It will first display the
# standard environment variables and then it takes STDIN and
# dumps it right back out to STDOUT.

# These are the standard environment variables.  You can define
# more in your service config file (see above).
echo "Date Range: $LOGWATCH_DATE_RANGE"
echo "Detail Level: $LOGWATCH_DETAIL_LEVEL"
echo "Temp Dir: $LOGWATCH_TEMP_DIR"
echo "Debug Level: $LOGWATCH_DEBUG"

# Now take STDIN and dump it to STDOUT
cat

###################### Cut Here #########################

If you temporarily replace a script such as 'pam' with the above, you
will notice that much has been cut out of /var/log/messages before it
gets to this filter.

The value of the environment variable LOGWATCH_DETAIL_LEVEL can be any
integer.  In reality, it is usually 0 (for low), 5 (for medium), and
10 (for high).

Your script should only produce output as appropriate.  If there are
no relevant log entries, no output should be produced.  Likewise, if
you are reporting two things, such as "Good Logins" and "Bad Logins",
you should produce even the headers only when appropriate.  For
example:

   Bad Logins:
      amber (2 time(s))
      kirk (3 time(s))

   Good Logins:
      amber (5 time(s))
      kirk (10 time(s))

But, if no failed logins occur, you should only output:

   Good Logins:
      amber (5 time(s))
      kirk (10 time(s))

Note that there is no "Bad Logins:" header as there were no bad
logins.

You should also use the detail environment variable when deciding what
to output.  Bad logins might always be displayed, but good logins
might only be displayed at higher detail levels.  Here is a guide on
how you should use the detail setting:

   0 (Low):   Display only errors and security-related issues
   5 (Med):   Display anything that a typical administrator would be
              interested in
   10 (High): Display anything that a paranoid administrator would
              want to see

In some cases, you can use a security setting higher than 10.  This
would be reserved for information so trivial that it would not even
interest the US Government.

D. Shared Script Commands
-------------------------

The way to call commands is:

   *SharedScriptCommand [= Arguments]

Logwatch will search for the command in
/usr/share/logwatch/scripts/shared/ and /etc/logwatch/scripts/shared/.
The command name is case insensitive and can be used in logfile and
service group configuration files.  Everything after the equal sign
will be passed as arguments to the command.

The following shared scripts are shipped with logwatch (they don't
accept any arguments unless otherwise mentioned):

 - ApplyBindDate
   Filter messages with a time format of '%d-%b-%Y %H:%M:%S'

 - ApplyEuroDate
   Filter messages with a time format of '%Y-%m-%d %H:%M:%S'

 - ApplyHttpDate
   Filter messages with a time format of '%d/%b/%Y:%H:%M:%S'

 - ApplyStdDate
   Without argument filter messages with a time format of
   '%b %e %H:%M:%S' or
   '%Y-%m-%dT%H:%M:%S\.[0-9]+[+-][0-9]{2}:[0-9]{2}', which is the
   ISO8601 logformat.
   It accepts one argument which is the filter string, e.g.:
      *applystddate = "%m-%d-%Y %H:%M:%S"

 - ApplyTaiDate
   Filter messages which start with a hex string which represents the
   seconds since 01.01.1970.

 - ApplyUSDate
   Filter messages with a time format of '%m/%d/%y:%H:%M:%S'

 - ApplyVsftpdDate
   Filter messages with a time format of '... %b %e %H:%M:%S 20%y'

 - EventLogOnlyService
   Filter messages which match:
      '... .. ..:..:.. .* MSWinEventLog\t\d+\t$ServiceName\t'
   It accepts one argument which is the $ServiceName

 - EventLogRemoveService
   Will remove the unwanted service from a logfile in a WinEventLog
   format.  Drops messages which match the pattern in
   EventLogOnlyService.
   Accepts one argument which is $ServiceName

 - ExpandRepeats
   This used to expand "Last message repeated n Times" messages in
   standard syslog files.  But it now ignores these lines, as
   otherwise the temporary logfiles will be too huge.

 - HostHash
   Print all hostnames which occurred in a logfile.  This matches only
   the default syslog format: '^... .. ..:..:.. ([\w\-\_]+)'

 - HostList
   Write a list of all hostnames which occurred in a logfile to
   $LOGWATCH_TEMP_DIR/hostfile.  This matches only the default syslog
   format: '^... .. ..:..:.. (\S*)'

 - MultiService
   This will pick out only the wanted service from a logfile in the
   standard syslog message format.  Case insensitive.
   Accepts a comma separated list of service names as argument.

 - OnlyContains
   Just does a case insensitive egrep.  Arguments are passed directly
   to egrep.

 - OnlyHost
   This will pick out only lines from $hostname from a logfile in the
   standard syslog format.  Case insensitive.
   Set logwatch option LOGWATCH_ONLY_HOSTNAME or pass a comma
   separated list of hostnames as argument to make this work.

 - OnlyService
   This will pick out only the wanted service from a logfile in the
   standard syslog format.  Case insensitive.
   First argument is the service name.

 - Remove
   Just a case insensitive, inverse egrep

 - RemoveHeaders
   Remove the beginning of each line of a standard syslog-style,
   Solaris ID tag style or date-prefix-style logfile.
   The pattern to remove is configurable and can be passed as the
   first argument, e.g.:
      * RemoveHeaders = "\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "

 - RemoveService
   Remove the unwanted service from a logfile in the standard
   syslog-style message format.  Case insensitive.
   It accepts one argument which is a comma separated list of service
   names, e.g.:
      * RemoveService = "myservice,myotherservice"

7. For More Information
=======================

The introduction of this document listed additional sources of
information.  In addition, the website http://www.logwatch.org
contains:

   - the current (and some archived) distributions of Logwatch
   - access to mailing lists where comments, suggestions, bug reports,
     etc., are welcome.
   - access to the svn repository, for the very latest code.

If you do create new services or enhancements that you feel would be
useful to other people, please send them to the logwatch-devel mailing
list at logwatch.org.
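
The output rules of section 6.C (no output when nothing is relevant, a header only when something follows it, good logins only from medium detail up), as an added example that is not part of the Logwatch distribution. It assumes the service config has already narrowed the stream to sshd messages (for instance with *OnlyService) and that the two sshd message patterns shown apply; `login_report` and `sample_log` are hypothetical names.

```sh
#!/bin/sh
# Added example, not Logwatch's own code: a service filter body that
# follows the reporting rules of section 6.C.

# login_report [detail]
# Reads log lines on STDIN and writes the report on STDOUT.  The detail
# level comes from the argument or, as under Logwatch, from the
# LOGWATCH_DETAIL_LEVEL environment variable (default 0 = low).
login_report() {
    detail="${1:-${LOGWATCH_DETAIL_LEVEL:-0}}"
    awk '
        # User names come from untrusted log content: keep a conservative
        # character set so control characters never reach the report.
        function clean(u) { gsub(/[^A-Za-z0-9._@-]/, "?", u); return u }
        function user(line, prefix) {
            sub(prefix, "", line)       # drop everything up to the name
            sub(/ from .*/, "", line)   # drop the trailing address part
            if (line == "") line = "?"
            return clean(line)
        }
        # Assumed sshd message formats; adapt them to the real service.
        /Failed password for / {
            print "1bad", user($0, ".*Failed password for (invalid user )?")
            next
        }
        /Accepted [^ ]+ for / {
            print "2good", user($0, ".*Accepted [^ ]+ for ")
        }
    ' | LC_ALL=C sort | uniq -c | awk -v detail="$detail" '
        # Input fields: count, section key, user (sorted, so grouped).
        $2 == "2good" && detail < 5 { next }  # good logins: medium and up
        $2 != section {
            # A header is printed only when an entry follows it.
            if (section != "") print ""
            print ($2 == "1bad" ? "Bad Logins:" : "Good Logins:")
            section = $2
        }
        { printf "   %s (%d time(s))\n", $3, $1 }
    '
}

# Constructed sample input (not taken from a real system).
sample_log() {
    cat <<'EOF'
May 29 03:10:01 host1 sshd[1201]: Accepted publickey for amber from 192.0.2.10 port 50122 ssh2
May 29 03:11:40 host1 sshd[1207]: Failed password for kirk from 192.0.2.77 port 40110 ssh2
May 29 03:11:44 host1 sshd[1207]: Failed password for kirk from 192.0.2.77 port 40110 ssh2
May 29 03:12:02 host1 sshd[1215]: Failed password for invalid user admin from 192.0.2.77 port 40114 ssh2
May 29 03:15:30 host1 sshd[1230]: Accepted password for kirk from 192.0.2.20 port 51877 ssh2
May 29 03:16:00 host1 cron[1301]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on the constructed sample.  A deployed filter would end with a
# bare "login_report" so that it reads the stream Logwatch supplies.
sample_log | login_report 5
```
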

If you send patches, please make sure that you have the latest version
of the file from svn, and send the patch file in unified format (using
'svn diff' or 'diff -u') as an attachment.  Enhancement suggestions
are more likely to be implemented if patch files implementing the
change are sent.

logwatch-7.4.0+svn20130529rev144/LICENSE

Copyright (c) 2011 Kirk Bauer

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

logwatch-7.4.0+svn20130529rev144/README

What is Logwatch?

Logwatch is a customizable, pluggable log-monitoring system.  It will
go through your logs for a given period of time and make a report in
the areas that you wish with the detail that you wish.

Perl 5.8 or newer is recommended to run Logwatch.
[But it will work with 5.6.1+]

------------------------------------------------------------------

How do I install it?

An rpm file is available.
The following describes how to install if you prefer to install from
the source tar file:

The simplest setup is to follow the default configurations.  Simply
make a directory (/usr/share/logwatch) and copy the scripts, conf, and
lib directories into that directory.  You will also need to make the
/etc/logwatch dir if you want to make configuration changes without
having to modify the default config files.

The steps to follow to get the default setup going are something like
this.  [However we recommend using the install_logwatch.sh script when
possible.]

   Untar logwatch.
   cd logwatch-x.x
   mkdir /etc/logwatch
   mkdir /etc/logwatch/scripts
   mkdir /etc/logwatch/conf
   mkdir /etc/logwatch/conf/logfiles
   mkdir /etc/logwatch/conf/services
   touch /etc/logwatch/conf/logwatch.conf
   touch /etc/logwatch/conf/ignore.conf
   touch /etc/logwatch/conf/override.conf
   mkdir /usr/share/logwatch
   mkdir /usr/share/logwatch/dist.conf
   mkdir /usr/share/logwatch/dist.conf/logfiles
   mkdir /usr/share/logwatch/dist.conf/services
   mv conf/ /usr/share/logwatch/default.conf
   mv scripts/ /usr/share/logwatch/scripts
   mv lib /usr/share/logwatch/lib
   mkdir /var/cache/logwatch
   ln -s /usr/share/logwatch/scripts/logwatch.pl /etc/cron.daily/0logwatch
   ln -s /usr/share/logwatch/scripts/logwatch.pl /usr/sbin/logwatch

This is only a suggestion and if you look at the logwatch.pl script
and the logwatch.conf file you will see that you can configure the
system layout in many different ways.

See also the file HOWTO-Customize-LogWatch for more information.

------------------------------------------------------------------

How do I use it?

Well, it should pretty much work on its own, sending you an email
every night.  For more configuration options, run 'logwatch --help' or
edit /usr/share/logwatch/default.conf/logwatch.conf or
/etc/logwatch/logwatch.conf.  See the file HOWTO-Customize-LogWatch
for more information.

You can also use it from the command line (as documented in the man
page).

There is some documentation available in Italian here:
http://openskills.info/view/boxdetail.php?IDbox=656

------------------------------------------------------------------

If you want me to add support for a new set of log entries, please
email me all the log entries you can from that service from as many
machines as possible!  Or, better yet, read the
HOWTO-Customize-LogWatch and write your own!

------------------------------------------------------------------

Mailing lists available!

Logwatch List:
   For general discussion and questions about Logwatch.
   To Subscribe: echo "subscribe" | mail logwatch-request@kaybee.org
   Send Mail To: logwatch@kaybee.org

Logwatch Announcements List:
   For important announcements about Logwatch.
   To Subscribe: echo "subscribe" | mail logwatch-announce-request@kaybee.org

Logwatch Development List:
   For discussion about Logwatch development.
   To Subscribe: visit https://lists.sourceforge.net/lists/listinfo/logwatch-devel
   Send Mail To: logwatch-devel@lists.sourceforge.net

------------------------------------------------------------------

Please send suggestions, bug reports, and patches to:
   logwatch-devel@lists.sourceforge.net

Please ask questions at:
   logwatch@kaybee.org

------------------------------------------------------------------

AUTHOR CONTACT INFORMATION:

Kirk Bauer
http://www.kaybee.org/kirk/

Newest releases can be found at:
   ftp://ftp.logwatch.org/pub/redhat/RPMS
   http://www.logwatch.org

logwatch-7.4.0+svn20130529rev144/amavis-logwatch.1

.TH AMAVIS-LOGWATCH 1
.ad
.fi
.SH NAME
amavis-logwatch
\-
An Amavisd-new log parser and analysis utility
.SH "SYNOPSIS"
.na
.nf
.fi
\fBamavis-logwatch\fR [\fIoptions\fR] [\fIlogfile ...\fR]
.SH DESCRIPTION
.ad
.fi
The \fBamavis-logwatch\fR(1) utility is an Amavisd-new log parser
that produces summaries, details, and statistics regarding
the operation of Amavisd-new (henceforth, simply called Amavis).
.PP
This utility can be used as a standalone program, or as a Logwatch filter
module to produce Amavisd-new summary and detailed reports from within
Logwatch.
.PP
\fBAmavis-logwatch\fR is able to produce a wide range of reports with data
grouped and sorted as much as possible to reduce noise and highlight patterns.
Brief summary reports provide a quick overview of general Amavis operations
and message delivery, calling out warnings that may require attention.
Detailed reports provide easy to scan, hierarchically-arranged and organized
information, with as much or little detail as desired.
.PP
Much of the interesting data is available when Amavis' $log_level is set to
at least 2.
See \fBAmavis Log Level\fR below.
.PP
\fBAmavis-logwatch\fR outputs two principal sections: a \fBSummary\fR section
and a \fBDetailed\fR section.
For readability and quick scanning, all event or hit counts appear in the
left column, followed by a brief description of the event type, and finally
additional statistics or count representations may appear in the rightmost
column.
The following segment from a sample Summary report illustrates:
.RS 4
.nf

****** Summary ********************************************

       9   Miscellaneous warnings

   20313   Total messages scanned ----------------  100.00%
1008.534M  Total bytes scanned                1,057,524,252
========   ================================================

    1190   Blocked -------------------------------    5.86%
      18     Malware blocked                          0.09%
       4     Banned name blocked                      0.02%
     416     Spam blocked                             2.05%
     752     Spam discarded (no quarantine)           3.70%

   19123   Passed --------------------------------   94.14%
      47     Bad header passed                        0.23%
   19076     Clean passed                            93.91%
========   ================================================

      18   Malware -------------------------------    0.09%
      18     Malware blocked                          0.09%

       4   Banned --------------------------------    0.02%
       4     Banned file blocked                      0.02%

    1168   Spam ----------------------------------    5.75%
     416     Spam blocked                             2.05%
     752     Spam discarded (no quarantine)           3.70%

   19123   Ham -----------------------------------   94.14%
      47     Bad header passed                        0.23%
   19076     Clean passed                            93.91%
========   ================================================

    1982   SpamAssassin bypassed
      32   Released from quarantine
       2   DSN notification (debug supplemental)
       2   Bounce unverifiable
    2369   Whitelisted
       2   Blacklisted
      12   MIME error
      58   Bad header (debug supplemental)
      40   Extra code modules loaded at runtime

.fi
.RE 0
The report indicates there were 9 general warnings, and \fBAmavis\fR scanned
a total of 20313 messages for a total of 1008.53 megabytes or
1,057,524,252 bytes.
The next summary group shows the Blocked / Passed overview, with 1190 Blocked
messages (broken down as 18 messages blocked as malware, 4 messages with
banned names, 416 spam messages, and 752 discarded messages), and 19123 Passed
messages (47 messages with bad headers and 19076 clean messages).
The next (optional) summary grouping shows message disposition by contents
category.
There were 18 malware messages and 4 banned file messages (all blocked),
1168 Spam messages, of which 416 were blocked (quarantined) and 752 discarded.
Finally, there were 19123 messages considered to be Ham (i.e. not spam),
47 of which contained bad headers.
Additional count summaries for a variety of events are also listed.
.PP
There are dozens of sub-sections available in the \fBDetailed\fR report, each
of whose output can be controlled in various ways.
Each sub-section attempts to group and present the most meaningful data at
superior levels, while pushing less useful or \fInoisy\fR data towards
inferior levels.
The goal is to provide as much benefit as possible from smart grouping of
data, to allow faster report scanning, pattern identification, and problem
solving.
Data is always sorted in descending order by count, and then numerically by
IP address or alphabetically as appropriate.
.PP
The following Spam blocked segment from a sample \fBDetailed\fR report
illustrates the basic hierarchical level structure of \fBamavis-logwatch\fR:
.RS 4
.nf

****** Detailed *******************************************

   19346   Spam blocked -----------------------------------
     756      from@example.com
      12         10.0.0.2
      12            <>
      12         192.168.2.2
      12            <>
       5         192.168.2.1
           ...

.fi
.RE 0
.PP
The \fBamavis-logwatch\fR utility reads from STDIN or from the named Amavis
\fIlogfile\fR.
Multiple \fIlogfile\fR arguments may be specified, each processed in order.
The user running \fBamavis-logwatch\fR must have read permission on each
named log file.
.PP
.SS Options
The options listed below affect the operation of \fBamavis-logwatch\fR.
Options specified later on the command line override earlier ones.
Any option may be abbreviated to an unambiguous length.
.IP "\fB--[no]autolearn\fR"
.PD 0
.IP "\fB--show_autolearn \fIboolean\fR"
.PD
Enables (disables) output of the autolearn report.
This report is only available if the default Amavis \fB$log_templ\fR has been
modified to provide autolearn results in log entries.
This can be done by uncommenting two lines in the Amavis program itself
(where the default log templates reside), or by correctly adding the
\fB$log_templ\fR variable to the \fBamavisd.conf\fR file.
See Amavis' \fBREADME.customize\fR and search near the end of the Amavisd
program for "autolearn".
.IP "\fB--[no]by_ccat_summary\fR"
.PD 0
.IP "\fB--show_by_ccat_summary \fIboolean\fR"
.PD
Enables (disables) the by contents category summary in the \fBSummary\fR
section.
Default: enabled.
.IP "\fB-f \fIconfig_file\fR"
.PD 0
.IP "\fB--config_file \fIconfig_file\fR"
.PD
Use an alternate configuration file \fIconfig_file\fR instead of the default.
This option may be used more than once.
Multiple configuration files will be processed in the order presented on the
command line.
See \fBCONFIGURATION FILE\fR below.
.IP "\fB--debug \fIkeywords\fR"
Output debug information during the operation of \fBamavis-logwatch\fR.
The parameter \fIkeywords\fR is one or more comma or space separated keywords.
To obtain the list of valid keywords, use --debug xxx where xxx is any
invalid keyword.
.IP "\fB--detail \fIlevel\fR"
Sets the maximum detail level for \fBamavis-logwatch\fR to \fIlevel\fR.
This option is global, overriding any other output limiters described below.
The \fBamavis-logwatch\fR utility produces a \fBSummary\fR section, a
\fBDetailed\fR section, and additional report sections.
With \fIlevel\fR less than 5, \fBamavis-logwatch\fR will produce only the
\fBSummary\fR section.
At \fIlevel\fR 5 and above, the \fBDetailed\fR section, and any additional
report sections are candidates for output.
Each incremental increase in \fIlevel\fR generates one additional
hierarchical sub-level of output in the \fBDetailed\fR section of the report.
At \fIlevel\fR 10, all levels are output.
Lines that exceed the maximum report width (specified with \fBmax_report_width\fR) will be cut. Setting \fIlevel\fR to 11 will prevent lines in the report from being cut (see also \fB--line_style\fR). .IP "\fB--[no]first_recip_only\fR" .PD 0 .IP "\fB--show_first_recip_only \fIboolean\fR" .PD Specifies whether or not to sort by, and show, only the first recipient when a scanned message contains multiple recipients. .IP "\fB--help\fR" Print usage information and a brief description about command line options. .IP "\fB--ipaddr_width \fIwidth\fR" Specifies that IP addresses in address/hostname pairs should be printed with a field width of \fIwidth\fR characters. Increasing the default may be useful for systems using long IPv6 addresses. .IP "\fB-l limiter=levelspec\fR" .PD 0 .IP "\fB--limit limiter=levelspec\fR" .PD Sets the level limiter \fIlimiter\fR with the specification \fIlevelspec\fR. .IP "\fB--line_style \fIstyle\fR" Specifies how to handle long report lines. Three styles are available: \fBfull\fR, \fBtruncate\fR, and \fBwrap\fR. Setting \fIstyle\fR to \fBfull\fR will prevent cutting lines to \fBmax_report_width\fR; this is what occurs when \fBdetail\fR is 11 or higher. When \fIstyle\fR is \fBtruncate\fR (the default), long lines will be truncated according to \fBmax_report_width\fR. Setting \fIstyle\fR to \fBwrap\fR will wrap lines longer than \fBmax_report_width\fR such that left column hit counts are not obscured. This option takes precedence over the line style implied by the \fBdetail\fR level. The options \fB--full\fR, \fB--truncate\fR, and \fB--wrap\fR are synonyms. .IP "\fB--nodetail\fR" Disables the \fBDetailed\fR section of the report, and all supplemental reports. This option provides a convenient mechanism to quickly disable all sections under the \fBDetailed\fR report, where subsequent command line options may re-enable one or more sections to create specific reports. 
.PD 0 .IP "\fB--sarules \fR\`\fIS,H\fR\'" .IP "\fB--sarules default" .PD Enables the SpamAssassin Rules Hit report. The comma-separated \fIS\fR and \fIH\fR arguments are top N values for the Spam and Ham reports, respectively, and can be any integer greater than or equal to 0, or the keyword \fBall\fR. The keyword \fBdefault\fR uses the built-in default values. .IP "\fB--nosarules\fR" Disables the SpamAssassin Rules Hit report. .PD 0 .IP "\fB--sa_timings \fR\fInrows\fR" Enables the SpamAssassin Timings percentiles report. The report can be limited to the top N rows with the \fInrows\fR argument. This report requires Amavis 2.6+ and SpamAssassin 3.3+. .PD .IP "\fB--sa_timings_percentiles \fR\`\fIP1 [P2 ...]\fR\'" Specifies the percentiles shown in the SpamAssassin Timings report. The arguments \fIP1 ...\fR are integers from 0 to 100 inclusive. Their order will be preserved in the report. .IP "\fB--nosa_timings\fR" Disables the SpamAssassin Timings report. .IP "\fB--version\fR" Print \fBamavis-logwatch\fR version information. .PD 0 .IP "\fB--score_frequencies \fR\`\fIB1 [B2 ...]\fR\'" .IP "\fB--score_frequencies default" .PD Enables the Spam Score Frequency report. The arguments \fIB1 ...\fR are frequency distribution buckets, and can be any real numbers. Their order will be preserved in the report. The keyword \fBdefault\fR uses the built-in default values. .IP "\fB--noscore_frequencies\fR" Disables the Spam Score Frequency report. .PD 0 .IP "\fB--score_percentiles \fR\`\fIP1 [P2 ...]\fR\'" .IP "\fB--score_percentiles default" .PD Enables the Spam Score Percentiles report. The arguments \fIP1 ...\fR specify the percentiles shown in the report, and are integers from 0 to 100 inclusive. The keyword \fBdefault\fR uses the built-in default values. .IP "\fB--noscore_percentiles\fR" Disables the Spam Score Percentiles report. 
.IP "\fB--[no]sect_vars\fR" .PD 0 .IP "\fB--show_sect_vars \fIboolean\fR" .PD Enables (disables) supplementing each \fBDetailed\fR section title with the name of that section's level limiter. The name displayed is the command line option (or configuration file variable) used to limit that section's output. With the large number of level limiters available in \fBamavis-logwatch\fR, this is a convenient mechanism for determining exactly which level limiter affects a section. .IP "\fB--[no]startinfo\fR" .PD 0 .IP "\fB--show_startinfo \fIboolean\fR" .PD Enables (disables) the Amavis startup report showing most recent Amavis startup details. .IP "\fB--[no]summary\fR" .IP "\fB--show_summary\fR" Enables (disables) displaying of the \fBSummary\fR section of the report. The variable Amavis_Show_Summary is used in a configuration file. .IP "\fB--syslog_name \fInamepat\fR" Specifies the syslog service name that \fBamavis-logwatch\fR uses to match syslog lines. Only log lines whose service name matches the perl regular expression \fInamepat\fR will be used by \fBamavis-logwatch\fR; all non-matching lines are silently ignored. This is useful when a pre-installed Amavis package uses a name other than the default (\fBamavis\fR). \fBNote:\fR if you use parentheses in your regular expression, be sure they are cloistering and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR. .PD 0 .IP "\fB--timings \fR\fIpercent\fR" Enables the Amavis Scan Timings percentiles report. The report can be top N-percent limited with the \fIpercent\fR argument. .PD .IP "\fB--timings_percentiles \fR\`\fIP1 [P2 ...]\fR\'" Specifies the percentiles shown in the Scan Timings report. The arguments \fIP1 ...\fR are integers from 0 to 100 inclusive. Their order will be preserved in the report. .IP "\fB--notimings\fR" Disables the Amavis Scan Timings report. .IP "\fB--version\fR" Print \fBamavis-logwatch\fR version information. 
.SS Level Limiters .PP The output of every section in the \fBDetailed\fR report is controlled by a level limiter. The name of the level limiter variable will be output when the \fBsect_vars\fR option is set. Level limiters are set either via command line in standalone mode with \fB--limit \fIlimiter\fB=\fIlevelspec\fR option, or via configuration file variable \fB$amavis_\fIlimiter\fB=\fIlevelspec\fR. Each limiter requires a \fIlevelspec\fR argument, which is described below in \fBLEVEL CONTROL\fR. The list of level limiters is shown below. .de TQ . br . ns . TP \\$1 .. .PD 0 .PP Amavis major contents category (ccatmajor) sections, listed in order of priority: VIRUS, BANNED, UNCHECKED, SPAM, SPAMMY, BADH, OVERSIZED, MTA, CLEAN. .IP "\fBMalwareBlocked" .IP "\fBMalwarePassed" Blocked or passed messages that contain malware (ccatmajor: VIRUS). .IP "\fBBannedNameBlocked" .IP "\fBBannedNamePassed" Blocked or passed messages that contain banned names in MIME parts (ccatmajor: BANNED). .IP "\fBUncheckedBlocked" .IP "\fBUncheckedPassed" Blocked or passed messages that were not checked by a virus scanner or SpamAssassin (Amavis ccatmajor: UNCHECKED). .IP "\fBSpamBlocked" .IP "\fBSpamPassed" Blocked or passed messages that were considered spam that reached kill level (Amavis ccatmajor: SPAM) .IP "\fBSpammyBlocked" .IP "\fBSpammyPassed" Blocked or passed messages that were considered spam, but did not reach kill level (Amavis ccatmajor: SPAMMY) .IP "\fBBadHeaderBlocked" .IP "\fBBadHeaderPassed" Blocked or passed messages that contain bad mail headers (ccatmajor: BAD-HEADER). .IP "\fBOversizedBlocked" .IP "\fBOversizedPassed" Blocked or passed messages that were considered oversized (Amavis ccatmajor: OVERSIZED). .IP "\fBMtaBlocked" .IP "\fBMtaPassed" Blocked or passed messages due to failure to re-inject to MTA (Amavis ccatmajor: MTA-BLOCKED). Occurrences of this event indicate a configuration problem. [ note: I don't believe mtapassed occurs, but exists for completeness.] 
.IP "\fBOtherBlocked" .IP "\fBOtherPassed" Blocked or passed messages that are not any of other major contents categories (Amavis ccatmajor: OTHER). .IP "\fBTempFailBlocked" .IP "\fBTempfailPassed" Blocked or passed messages that had a temporary failure (Amavis ccatmajor: TEMPFAIL) .IP "\fBCleanBlocked" .IP "\fBCleanPassed " Messages blocked or passed which were considered clean (Amavis ccatmajor: CLEAN; i.e. non-spam, non-viral). .PP Other sections, arranged alphabetically: .IP "\fBAvConnectFailure" Problems connecting to Anti-Virus scanner(s). .IP "\fBAvTimeout" Timeouts awaiting responses from Anti-Virus scanner(s). .IP "\fBArchiveExtract" Archive extraction problems. .IP "\fBBadHeaderSupp" Supplemental debug information regarding messages containing bad mail headers. .IP "\fBBayes" Message frequencies by Bayesian probability buckets. .IP "\fBBadAddress" Invalid mail address syntax. .IP "\fBBlacklisted" Messages that were (soft-)blacklisted. See also Whitelisted below. .IP "\fBBounceKilled" .IP "\fBBounceRescued" .IP "\fBBounceUnverifiable" Disposition of incoming bounce messages (DSNs). .IP "\fBContentType" MIME attachment breakdown by type/subtype. .IP "\fBDccError" Errors encountered with or returned by DCC. .IP "\fBDefangError" Errors encountered during defang process. .IP "\fBDefanged" Messages defanged (rendered harmless). .IP "\fBDsnNotification" Errors encountered during attempt to send delivery status notification. .IP "\fBDsnSuppressed" Delivery status notification (DSN) intentionally suppressed. .IP "\fBExtraModules" Additional code modules Amavis loaded during runtime. .IP "\fBFakeSender" Forged sender addresses, as determined by Amavis. .IP "\fBFatal" Fatal events. These are presented at the top of the report, as they may require attention. .IP "\fBLocalDeliverySkipped" Failures delivering to a local address. .IP "\fBMalwareByScanner" Breakdown of malware by scanner(s) that detected the malware. 
.IP "\fBMimeError" Errors encountered during MIME extraction. .IP "\fBPanic" Panic events. These are presented at the top of the report, as they may require attention. .IP "\fBp0f" Passive fingerprint (p0f) hits, grouped by mail contents type (virus, unchecked, banned, spam, ham), next by operating system genre, and finally by IP address. Note: Windows systems are refined by Windows OS version, whereas versions of other operating systems are grouped generically. .IP "\fBReleased" Messages that were released from Amavis quarantine. .IP "\fBSADiags" Diagnostics as reported from SpamAssassin. .IP "\fBSmtpResponse" SMTP responses received during dialog with MTA. These log entries are primarily debug. .IP "\fBTmpPreserved" Temporary directories preserved by Amavis when some component encounters a problem or failure. Directories listed and their corresponding log entries should be evaluated for problems. .IP "\fBVirusScanSkipped" Messages that could not be scanned by a virus scanner. .IP "\fBWarning" Warning events not categorized in specific warnings below. These are presented at the top of the report, as they may require attention. .IP "\fBWarningAddressModified" Incomplete email addresses modified by Amavis for safety. .IP "\fBWarningNoQuarantineId" Attempts to release a quarantined message that did not contain an X-Quarantine-ID header. .IP "\fBWarningSecurity \fIlevelspec\fR" Insecure configuration or utility used by Amavis. .IP "\fBWarningSmtpShutdown" Failures during SMTP conversation with MTA. .IP "\fBWarningSql" Failures to communicate with, or error replies from, SQL service. .IP "\fBWhitelisted" Messages that were (soft-)whitelisted. See also Blacklisted above. .PD .SH LEVEL CONTROL .ad .fi The \fBDetailed\fR section of the report consists of a number of sub-sections, each of which is controlled both globally and independently. 
Two settings influence the output provided in the \fBDetailed\fR report: a global detail level (specified with \fB--detail\fR) which has final (big hammer) output-limiting control over the \fBDetailed\fR section, and sub-section specific detail settings (small hammer), which allow further limiting of the output for a sub-section. Each sub-section may be limited to a specific depth level, and each sub-level may be limited with top N or threshold limits. The \fIlevelspec\fR argument to each of the level limiters listed above is used to accomplish this. It is probably best to continue explanation of sub-level limiting with the following well-known outline-style hierarchy, and some basic examples: .nf level 0 level 1 level 2 level 3 level 4 level 4 level 2 level 3 level 4 level 4 level 4 level 3 level 4 level 3 level 1 level 2 level 3 level 4 .fi .PP The simplest form of output limiting suppresses all output below a specified level. For example, a \fIlevelspec\fR set to "2" shows only data in levels 0 through 2. Think of this as collapsing each sub-level 2 item, thus hiding all inferior levels (3, 4, ...), to yield: .nf level 0 level 1 level 2 level 2 level 1 level 2 .fi .PP Sometimes the volume of output in a section is too great, and it is useful to suppress any data that does not exceed a certain threshold value. Consider a dictionary spam attack, which produces very lengthy lists of hit-once recipient email or IP addresses. Each sub-level in the hierarchy can be threshold-limited by setting the \fIlevelspec\fR appropriately. Setting \fIlevelspec\fR to the value "2::5" will suppress any data at level 2 that does not exceed a hit count of 5. .PP Perhaps producing a top N list, such as top 10 senders, is desired. A \fIlevelspec\fR of "3:10:" limits level 3 data to only the top 10 hits. 
.PP With those simple examples out of the way, a \fIlevelspec\fR is defined as a whitespace- or comma-separated list of one or more of the following: .IP "\fIl\fR" Specifies the maximum level to be output for this sub-section, with a range from 0 to 10. If \fIl\fR is 0, no levels will be output, effectively disabling the sub-section (level 0 data is already provided in the Summary report, so level 1 is considered the first useful level in the \fBDetailed\fR report). Higher values will produce output up to and including the specified level. .IP "\fIl\fB.\fIn\fR" Same as above, with the addition that \fIn\fR limits this section's level 1 output to the top \fIn\fR items. The value for \fIn\fR can be any integer greater than 1. (This form of limiting has less utility than the syntax shown below. It is provided for backwards compatibility; users are encouraged to use the syntax below). .IP "\fIl\fB:\fIn\fB:\fIt\fR" This triplet specifies level \fIl\fR, top \fIn\fR, and minimum threshold \fIt\fR. Each of the values is an integer, with \fIl\fR being the level limiter as described above, \fIn\fR being a top \fIn\fR limiter for the level \fIl\fR, and \fIt\fR being the threshold limiter for level \fIl\fR. When both \fIn\fR and \fIt\fR are specified, \fIn\fR has priority, allowing top \fIn\fR lists (regardless of threshold value). If the value of \fIl\fR is omitted, the specified values for \fIn\fR and/or \fIt\fR are used for all levels available in the sub-section. This permits a simple form of wildcarding (e.g. place minimum threshold limits on all levels). However, specific limiters always override wildcard limiters. The first form of level limiter may be included in \fIlevelspec\fR to restrict output, regardless of how many triplets are present. .PP All three forms of limiters are effective only when \fBamavis-logwatch\fR's detail level is 5 or greater (the \fBDetailed\fR section is not activated until detail is at least 5). 
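.PP
The three levelspec forms defined above, modelled as a small Python parser and tree filter. This is an added illustration, not code from amavis-logwatch (which is written in Perl); the sample tree is constructed, and two behaviours are assumptions: a levelspec with no plain level leaves depth unrestricted, and a level-specific triplet replaces the wildcard triplet as a whole.

```python
import re

MAX_LEVEL = 10  # the page gives 0..10 as the valid range for l


def parse_levelspec(spec):
    """Return (max_level, per_level, wildcard) for a levelspec string.

    per_level maps level -> (top_n, threshold); wildcard is the pair taken
    from a triplet whose level field is empty. None means "not set".
    """
    max_level, per_level, wildcard = None, {}, (None, None)
    for item in re.split(r"[\s,]+", spec.strip()):
        if not item:
            continue
        if re.fullmatch(r"\d+", item):                        # form: l
            max_level = int(item)
        elif m := re.fullmatch(r"(\d+)\.(\d+)", item):        # form: l.n
            max_level = int(m.group(1))
            per_level[1] = (int(m.group(2)), None)            # top n at level 1
        elif m := re.fullmatch(r"(\d*):(\d*):(\d*)", item):   # form: l:n:t
            level, top_n, threshold = (int(g) if g else None for g in m.groups())
            if level is None:
                wildcard = (top_n, threshold)                 # applies to all levels
            else:
                per_level[level] = (top_n, threshold)
        else:
            raise ValueError(f"unrecognised levelspec item: {item!r}")
    if max_level is not None and max_level > MAX_LEVEL:
        raise ValueError(f"level {max_level} is outside 0..{MAX_LEVEL}")
    return max_level, per_level, wildcard


def render(node, limits, level=0):
    """Render one (count, label, children) node and its permitted sub-levels."""
    max_level, per_level, wildcard = limits
    count, label, children = node
    lines = [f"{'   ' * level}{count} {label}"]
    child_level = level + 1
    if max_level is not None and child_level > max_level:
        return lines                      # collapsed: inferior levels are hidden
    # Assumption: a level-specific entry replaces the wildcard entry entirely.
    top_n, threshold = per_level.get(child_level, wildcard)
    # Descending by count; ties broken by label (simplified from the page's
    # "numerically by IP address or alphabetically").
    ranked = sorted(children, key=lambda c: (-c[0], c[1]))
    if top_n is not None:                 # n has priority over t
        kept = ranked[:top_n]
    elif threshold is not None:           # keep only counts that exceed t
        kept = [c for c in ranked if c[0] > threshold]
    else:
        kept = ranked
    for child in kept:
        lines += render(child, limits, child_level)
    if len(kept) < len(ranked):           # mark top-N or threshold-limited data
        lines.append("   " * child_level + "...")
    return lines


def report(tree, levelspec):
    """Apply a levelspec string to a section tree and return report lines."""
    limits = parse_levelspec(levelspec)
    if limits[0] == 0:
        return []                         # l = 0 disables the sub-section
    return render(tree, limits)


# Constructed sample data, shaped like the "Spam blocked" section:
# recipient (level 1) -> sending IP (level 2) -> envelope from (level 3).
SAMPLE = (40, "Spam blocked", [
    (20, "joe@example.com", [
        (12, "10.0.0.1", [(12, "<>", [])]),
        (5, "10.99.99.99", [(5, "<>", [])]),
        (3, "192.168.3.3", [(3, "a@example.net", [])]),
    ]),
    (15, "fred@example.com", [
        (8, "10.0.0.1", [(7, "<>", []), (1, "b@example.net", [])]),
        (7, "192.168.3.19", [(7, "<>", [])]),
    ]),
    (5, "peter@sample.net", [
        (5, "10.0.0.1", [(5, "<>", [])]),
    ]),
])

if __name__ == "__main__":
    print("\n".join(report(SAMPLE, "1:2: 2:2: 3::6")))
```

A threshold such as 3::6 folds every low-count entry into a single "..." line, so a review that is looking for hit-once senders or addresses needs the section rendered without that limiter.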
.PP See the \fBEXAMPLES\fR section for usage scenarios. .SH CONFIGURATION FILE .ad \fBAmavis-logwatch\fR can read configuration settings from a configuration file. Essentially, any command line option can be placed into a configuration file, and these settings are read upon startup. Because \fBamavis-logwatch\fR can run either standalone or within Logwatch, to minimize confusion, \fBamavis-logwatch\fR inherits Logwatch's configuration file syntax requirements and conventions. These are: .IP \(bu 4'. White space lines are ignored. .IP \(bu 4'. Lines beginning with \fB#\fR are ignored .IP \(bu 4'. Settings are of the form: .nf \fIoption\fB = \fIvalue\fR .fi .IP \(bu 4'. Spaces or tabs on either side of the \fB=\fR character are ignored. .IP \(bu 4'. Any \fIvalue\fR protected in double quotes will be case-preserved. .IP \(bu 4'. All other content is reduced to lowercase (non-preserving, case insensitive). .IP \(bu 4'. All \fBamavis-logwatch\fR configuration settings must be prefixed with "\fB$amavis_\fR" or \fBamavis-logwatch\fR will ignore them. .IP \(bu 4'. When running under Logwatch, any values not prefixed with "\fB$amavis_\fR" are consumed by Logwatch; it only passes to \fBamavis-logwatch\fR (via environment variable) settings it considers valid. .IP \(bu 4'. The values \fBTrue\fR and \fBYes\fR are converted to 1, and \fBFalse\fR and \fBNo\fR are converted to 0. .IP \(bu 4'. Order of settings is not preserved within a configuration file (since settings are passed by Logwatch via environment variables, which have no defined order). .PP To include a command line option in a configuration file, prefix the command line option name with the word "\fB$amavis_\fR". 
The following configuration file setting and command line option are equivalent: .nf \fB$amavis_Line_Style = Truncate\fR \fB--line_style Truncate\fR .fi Level limiters are also prefixed with \fB$amavis_\fR, but on the command line are specified with the \fB--limit\fR option: .nf \fB$amavis_SpamBlocked = 2\fR \fB--limit SpamBlocked=2\fR .fi The order of command line options and configuration file processing occurs as follows: 1) The default configuration file is read if it exists and no \fB--config_file\fR was specified on a command line. 2) Configuration files are read and processed in the order found on the command line. 3) Command line options override any options already set either via command line or from any configuration file. Command line options are interpreted when they are seen on the command line, and later options will override previously set options. .SH "EXIT STATUS" .na .nf .ad .fi The \fBamavis-logwatch\fR utility exits with a status code of 0, unless an error occurred, in which case a non-zero exit status is returned. .SH "EXAMPLES" .na .nf .ad .fi .SS Running Standalone \fBNote:\fR \fBamavis-logwatch\fR reads its log data from one or more named Amavis log files, or from STDIN. For brevity, where required, the examples below use the word \fIfile\fR as the command line argument meaning \fI/path/to/amavis.log\fR. Obviously you will need to substitute \fIfile\fR with the appropriate path. 
.nf .PP To run \fBamavis-logwatch\fR in standalone mode, simply run: .nf .RS 4 .PP \fBamavis-logwatch \fIfile\fR .RE 0 .nf .PP A complete list of options and basic usage is available via: .nf .RS 4 .PP \fBamavis-logwatch --help\fR .RE 0 .nf .PP To print a summary only report of Amavis log data: .nf .RS 4 .PP \fBamavis-logwatch --detail 1 \fIfile\fR .RE 0 .fi .PP To produce a summary report and a one-level detail report for May 25th: .nf .RS 4 .PP \fBgrep 'May 25' \fIfile\fB | amavis-logwatch --detail 5\fR .RE 0 .fi .PP To produce only a top 10 list of Sent email domains, the summary report and detailed reports are first disabled. Since command line options are read and enabled left-to-right, the Sent section is re-enabled to level 1 with a level 1 top 10 limiter: .nf .RS 4 .PP \fBamavis-logwatch --nosummary --nodetail \\ --limit spamblocked '1 1:10:' \fIfile\fR .RE 0 .fi .PP The following command and its sample output show a more complex level limiter example. The command gives the top 4 spam blocked recipients (level 1), and under each recipient the top 2 sending IPs (level 2) and finally below that, only envelope from addresses (level 3) with hit counts greater than 6. Ellipses indicate top N or threshold-limited data: .nf .RS 4 .PP \fBamavis-logwatch --nosummary --nodetail \\ --limit spamblocked '1:4: 2:2: 3::6' \fIfile\fR .nf 19346 Spam blocked ----------------------------------- 756 joe@example.com 12 10.0.0.1 12 <> 12 10.99.99.99 12 <> ... 640 fred@example.com 8 10.0.0.1 8 <> 8 192.168.3.19 8 <> ... 595 peter@sample.net 8 10.0.0.1 8 <> 7 192.168.3.3 7 <> ... 547 paul@example.us 8 192.168.3.19 8 <> 7 10.0.0.1 7 <> ... ... .fi .RE 0 .fi .SS Running within Logwatch \fBNote:\fR Logwatch versions prior to 7.3.6, unless configured otherwise, required the \fB--print\fR option to print to STDOUT instead of sending reports via email. 
Since version 7.3.6, STDOUT is the default output destination, and the \fB--print\fR option has been replaced by \fB--output stdout\fR. Check your configuration to determine where report output will be directed, and add the appropriate option to the commands below. .PP To print a summary report for today's Amavis log data: .nf .RS 4 .PP \fBlogwatch --service amavis --range today --detail 1\fR .RE 0 .nf .PP To print a report for today's Amavis log data, with one level of detail in the \fBDetailed\fR section: .nf .RS 4 .PP \fBlogwatch --service amavis --range today --detail 5\fR .RE 0 .fi .PP To print a report for yesterday, with two levels of detail in the \fBDetailed\fR section: .nf .RS 4 .PP \fBlogwatch --service amavis --range yesterday --detail 6\fR .RE 0 .fi .PP To print a report from Dec 12th through Dec 14th, with four levels of detail in the \fBDetailed\fR section: .nf .RS 4 .PP \fBlogwatch --service amavis --range \\ 'between 12/12 and 12/14' --detail 8\fR .RE 0 .PP To print a report for today, with all levels of detail: .nf .RS 4 .PP \fBlogwatch --service amavis --range today --detail 10\fR .RE 0 .PP Same as above, but leaves long lines uncropped: .nf .RS 4 .PP \fBlogwatch --service amavis --range today --detail 11\fR .RE 0 .SS "Amavis Log Level" .PP Amavis provides additional log information when the variable \fB$log_level\fR is increased above the default 0 value. This information is used by the \fBamavis-logwatch\fR utility to provide additional reports, not available with the default \fB$log_level\fR=0 value. A \fB$log_level\fR of 2 is suggested. .PP If you prefer not to increase the noise level in your main mail or Amavis logs, you can configure syslog to log Amavis' output to multiple log files, where basic log entries are routed to your main mail log(s) and more detailed entries routed to an Amavis-specific log file used to feed the \fBamavis-logwatch\fR utility. 
.PP A convenient way to accomplish this is to change the Amavis configuration variables in \fBamavisd.conf\fR as shown below: .nf amavisd.conf: $log_level = 2; $syslog_facility = 'local5'; $syslog_priority = 'debug'; .fi .PP This increases \fB$log_level\fR to 2, and sends Amavis' log entries to an alternate syslog facility (eg. \fBlocal5\fR, user), which can then be routed to one or more log files, including your main mail log file: .nf syslog.conf: #mail.info -/var/log/maillog mail.info;local5.notice -/var/log/maillog local5.info -/var/log/amavisd-info.log .fi .PP \fBAmavis\fR' typical \fB$log_level\fR 0 messages will be directed to both your maillog and to the \fBamavisd-info.log\fR file, but higher \fB$log_level\fR messages will only be routed to the \fBamavisd-info.log\fR file. For additional information on Amavis' logging, search the file \fBRELEASE_NOTES\fR in the Amavis distribution for: .nf "syslog priorities are now dynamically derived" .fi .SH "ENVIRONMENT" .na .nf .ad .fi The \fBamavis-logwatch\fR program uses the following (automatically set) environment variables when running under Logwatch: .IP \fBLOGWATCH_DETAIL_LEVEL\fR This is the detail level specified with the Logwatch command line argument \fB--detail\fR or the \fBDetail\fR setting in the ...conf/services/amavis.conf configuration file. .IP \fBLOGWATCH_DEBUG\fR This is the debug level specified with the Logwatch command line argument \fB--debug\fR. .IP \fBamavis_\fIxxx\fR The Logwatch program passes all settings \fBamavis_\fIxxx\fR in the configuration file ...conf/services/amavis.conf to the \fBamavis\fR filter (which is actually named .../scripts/services/amavis) via environment variable. 
.SH "FILES" .na .nf .SS Standalone mode .IP "/usr/local/bin/amavis-logwatch" The \fBamavis-logwatch\fR program .IP "/usr/local/etc/amavis-logwatch.conf" The \fBamavis-logwatch\fR configuration file in standalone mode .SS Logwatch mode .IP "/etc/logwatch/scripts/services/amavis" The Logwatch \fBamavis\fR filter .IP "/etc/logwatch/conf/services/amavis.conf" The Logwatch \fBamavis\fR filter configuration file .SH "SEE ALSO" .na .nf logwatch(8), system log analyzer and reporter .SH "README FILES" .na .ad .nf README, an overview of \fBamavis-logwatch\fR Changes, the version change list history Bugs, a list of the current bugs or other inadequacies Makefile, the rudimentary installer LICENSE, the usage and redistribution licensing terms .SH "LICENSE" .na .nf .ad Covered under the included MIT/X-Consortium License: http://www.opensource.org/licenses/mit-license.php .SH "AUTHOR(S)" .na .nf Mike Cappella .fi The original \fBamavis\fR Logwatch filter was written by Jim O'Halloran, and has had many contributors over the years. They are entirely not responsible for any errors, problems or failures since the current author's hands have touched the source code. logwatch-7.4.0+svn20130529rev144/conf/000077500000000000000000000000001215235751200166605ustar00rootroot00000000000000logwatch-7.4.0+svn20130529rev144/conf/html/000077500000000000000000000000001215235751200176245ustar00rootroot00000000000000logwatch-7.4.0+svn20130529rev144/conf/html/footer.html000066400000000000000000000022341215235751200220110ustar00rootroot00000000000000

Logwatch ©Copyright 2002-2006 Kirk Bauer

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

logwatch-7.4.0+svn20130529rev144/conf/html/header.html000066400000000000000000000021751215235751200217470ustar00rootroot00000000000000 Logwatch $Version ( $VDate )
logwatch-7.4.0+svn20130529rev144/conf/ignore.conf000066400000000000000000000017111215235751200210120ustar00rootroot00000000000000######################################################## # This was written and is maintained by: # Kirk Bauer # # Please send all comments, suggestions, bug reports, # etc, to logwatch-devel@lists.sourceforge.net. # ######################################################## ####################################################### #Ignore entries for logwatch. ###################################################### #This file is used to filter out any lines that you # do not want to see in your reports. # #Simply cut and paste as much of the line as needed # below be warned that it is possible to really # limit your reports by placing a bad value below. # #BAD EXAMPLE: putting a single "." alone on a line will # filter all output ###################################################### #STARTTLS=server: file /etc/mail/certs/cert.pem unsafe #pam_succeed_if: requirement "uid < 100" not met # vi: shiftwidth=3 tabstop=3 syntax=perl et logwatch-7.4.0+svn20130529rev144/conf/logfiles/000077500000000000000000000000001215235751200204645ustar00rootroot00000000000000logwatch-7.4.0+svn20130529rev144/conf/logfiles/audit_log.conf000066400000000000000000000012051215235751200233000ustar00rootroot00000000000000######################################################## # Define log file group for mod_security ######################################################## # Where the log files are - you will need to match this to your configuration # Note that a relative path like this will be expanded automatically to the # standard log path (e.g. /var/log/... ) LogFile = modsecurity2/modsec_audit.log # If the archives are searched, here is one or more line # (optionally containing wildcards) that tell where they are... # Note: if these are gzipped, you need to end with a .gz even if you use wildcards... 
Archive = modsecurity2/modsec_audit.log.* logwatch-7.4.0+svn20130529rev144/conf/logfiles/autorpm.conf000066400000000000000000000011601215235751200230200ustar00rootroot00000000000000########################################################################## # $Id: autorpm.conf,v 1.4 2005/02/24 17:05:18 kirk Exp $ ########################################################################## ######################################################## # This was written and is maintained by: # Kirk Bauer # # Please send all comments, suggestions, bug reports, # etc, to kirk@kaybee.org. ######################################################## # What actual file? Defaults to LogPath if not absolute path.... LogFile = /var/spool/autorpm/install.log # vi: shiftwidth=3 tabstop=3 et logwatch-7.4.0+svn20130529rev144/conf/logfiles/bfd.conf000066400000000000000000000010111215235751200220570ustar00rootroot00000000000000########################################################################## # $Id: bfd.conf,v 1.1 2007/04/15 19:48:23 bjorn Exp $ ########################################################################## # $Log: bfd.conf,v $ # Revision 1.1 2007/04/15 19:48:23 bjorn # New bfd (Brute Force Detection) service, by Andy Bolstridge. # ########################################################################## # Which logfile group... 
LogFile = /var/log/bfd_log Archive = /var/log/bfd_log.* Archive = /var/log/bfd_log-* logwatch-7.4.0+svn20130529rev144/conf/logfiles/cisco.conf000066400000000000000000000017601215235751200224370ustar00rootroot00000000000000########################################################################## # $Id: cisco.conf,v 1.6 2007/10/01 16:55:18 mike Exp $ ########################################################################## ######################################################## # This was written and is maintained by: # Laurent DUFOUR , # based on the work of # Kirk Bauer # # Please send all comments, suggestions, bug reports, # etc, to laurent.dufour@havas.com ######################################################## # What actual file? Defaults to LogPath if not absolute path.... LogFile = cisco.log # If the archives are searched, here is one or more line # (optionally containing wildcards) that tell where they are... Archive = cisco.log.* Archive = cisco.log-* # Expand the repeats (actually just removes them now) #*ExpandRepeats # Keep only the lines in the proper date range... #*ApplyStdDate # vi: shiftwidth=3 tabstop=3 et logwatch-7.4.0+svn20130529rev144/conf/logfiles/citadel.conf000066400000000000000000000014241215235751200227410ustar00rootroot00000000000000########################################################################## # $Id$ ########################################################################## ######################################################## # This was written and is maintained by: # Stefan Jakobs # # Please send all comments, suggestions, bug reports, # etc, to . ######################################################## # What actual file? Defaults to LogPath if not absolute path.... LogFile = citadel.log # If the archives are searched, here is one or more line # (optionally containing wildcards) that tell where they are... Archive = citadel.log.* # Keep only the lines in the proper date range... 
*ApplyStdDate # vi: shiftwidth=3 tabstop=3 et logwatch-7.4.0+svn20130529rev144/conf/logfiles/clam-update.conf000066400000000000000000000044501215235751200235320ustar00rootroot00000000000000######################################################################### # clam-update script for Logwatch # Analyzes the Clam Anti-Virus update log # # Version: 1.0.0 # Initial release # Version: 1.0.1 # Minor documentation update # # Written by: Lars Skjærlund ######################################################################### ######################################################################### # This script is subject to the same copyright as Logwatch itself ######################################################################### ######################################################################### # Files - all shown with default paths: # # /usr/share/logwatch/default.conf/logfiles/clam-update.conf (this file) # /usr/share/logwatch/default.conf/services/clam-update.conf # /usr/share/logwatch/scripts/services/clam-update # # ... and of course # # /var/log/clam-update ######################################################################### ######################################################################### # Important note: # # Under normal operation - ie. a detail level of 'lo' (0), no output will # be produced if no updates have taken place. However, if no update # attempt has been done, an alert will be output to inform you about this # (which probably means that freshclam isn't running). # # If you have stopped using ClamAV and would like to get rid of the # alert, you should delete the logfile. If there's no logfile, no alerts # will be output - but if Logwatch finds a logfile and no update attempts # have been made for whatever timeperiod Logwatch is analyzing, an alert # will be output. ######################################################################### # What actual file? Defaults to LogPath if not absolute path.... 
LogFile = clam-update
LogFile = freshclam.log
LogFile = clamav/freshclam.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = clam-update.*
Archive = freshclam.log.*
Archive = clamav/freshclam.log.*
Archive = archiv/clam-update.*
Archive = archiv/freshclam.log.*
Archive = clam-update-*
Archive = freshclam.log-*
Archive = clamav/freshclam.log-*
Archive = archiv/clam-update-*
Archive = archiv/freshclam.log-*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/clamav.conf

#########################################################################
# Files - all shown with default paths:
#
# /usr/share/logwatch/default.conf/logfiles/clamav.conf (this file)
# /usr/share/logwatch/default.conf/services/clamav.conf
# /usr/share/logwatch/scripts/services/clamav
#
# ... and of course
#
# /var/log/clamd.log
#########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = clamd
LogFile = clamav
LogFile = clamd.log
LogFile = clamav.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = clamd.*
Archive = clamav.*
Archive = clamav/clamd.*
Archive = clamav/clamav.*
Archive = archiv/clamd.*
Archive = archiv/clamav.*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/cron.conf

##########################################################################
# $Id: cron.conf,v 1.12 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
#Solaris is /var/cron/log -mgt
LogFile = /var/cron/log
LogFile = cron

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = cron.*
Archive = archiv/cron.*
Archive = cron-*
Archive = archiv/cron-*

*RemoveService = anacron

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/daemon.conf

###########################################################################
# $Id: daemon.conf,v 1.2 2007/10/01 16:55:18 mike Exp $
###########################################################################
# $Log: daemon.conf,v $
# Revision 1.2 2007/10/01 16:55:18 mike
# Removed OnlyHost config in these files. It was not working correctly and has been added in the main script when it is needed. -mgt
#
# Revision 1.1 2006/03/21 03:01:34 bjorn
# Debian-specific log files, by Willi Mann.
#
###########################################################################

# daemon log file for debian-based systems

LogFile = daemon.log
LogFile = daemon.log.0
Archive = daemon.log.*.gz
Archive = daemon.log-*.gz

*ExpandRepeats
*ApplyStdDate

###########################################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
###########################################################################

logwatch-7.4.0+svn20130529rev144/conf/logfiles/denyhosts.conf

###############################################################################
# $Id: denyhosts.conf,v 1.1 2006/11/12 18:32:54 bjorn Exp $
###############################################################################
# $Log: denyhosts.conf,v $
# Revision 1.1 2006/11/12 18:32:54 bjorn
# New service denyhosts, by grubert.
#
###############################################################################

LogFile = denyhosts
Archive = denyhosts.*
Archive = denyhosts-*

*ApplyEuroDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/dnssec.conf

#############################################################################
# $Id: dnssec.conf,v 1.1 2005/10/19 05:57:40 bjorn Exp $
#############################################################################
# $Log: dnssec.conf,v $
# Revision 1.1 2005/10/19 05:57:40 bjorn
# dnssec and resolver scripts, written by Lindy Foster
#
#############################################################################
#Copyright (c) 2004, Sparta, Inc
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are met:
#
#* Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
#* Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
#* Neither the name of Sparta, Inc nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
#IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
#THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
#CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
#EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#############################################################################

#############################################################################
# These scripts were created as part of the dnssec-tools project.
# For more information, see http://sourceforge.net/dnssec-tools.
# Detailed instructions for setting up BIND 9.3.* to use these logwatch
# configuration files and scripts are contained in the README file
# on sourceforge.
#############################################################################

########################################################
# Define log file group for DNSSEC
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = dnssec

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyBindDate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/dpkg.conf

##########################################################################
# $Id: dpkg.conf,v 1.1 2006/12/15 04:39:22 bjorn Exp $
##########################################################################
# $Log: dpkg.conf,v $
# Revision 1.1 2006/12/15 04:39:22 bjorn
# New dpkg scripts, by Willi Mann.
#
##########################################################################
# Created by HMR 2/28/06
# Modified by Willi Mann
#
# What actual file? Defaults to LogPath if not absolute path....
LogFile = dpkg.log
LogFile = dpkg.log.1

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
# you use wildcards...
Archive = dpkg.log.*.gz
Archive = dpkg.log-*.gz

*ApplyEuroDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/emerge.conf

##########################################################################
# $Id: emerge.conf,v 1.4 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour at havas.com
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = emerge.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = emerge.log.*
Archive = emerge.log-*

#*ApplyUSDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/eventlog.conf

##########################################################################
# $Id: eventlog.conf,v 1.2 2007/10/01 16:55:18 mike Exp $
##########################################################################
# $Log: eventlog.conf,v $
# Revision 1.2 2007/10/01 16:55:18 mike
# Removed OnlyHost config in these files. It was not working correctly and has been added in the main script when it is needed. -mgt
#
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = eventlog

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
# you use wildcards...
#If you use a "-" in naming add that as well -mgt
Archive = eventlog.*
Archive = eventlog.*.gz
Archive = archiv/eventlog.*
Archive = archiv/eventlog.*.gz
Archive = eventlog-*
Archive = eventlog-*.gz
Archive = archiv/eventlog-*
Archive = archiv/eventlog-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Now, let's remove the services we don't care about at all...
#*RemoveService = talkd

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/exim.conf

###########################################################################
# $Id: exim.conf,v 1.8 2006/03/21 01:47:28 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

# Which logfile group...
LogFile = exim/main.log
LogFile = exim/mainlog
LogFile = exim4/mainlog
Archive = exim/main.log.*
Archive = archiv/exim/main.log.*
Archive = exim/mainlog.*
Archive = exim4/mainlog.*
Archive = exim/main.log-*
Archive = archiv/exim/main.log-*
Archive = exim/mainlog-*
Archive = exim4/mainlog-*

########################################################
# This was written by:
# Dariusz Nierada (dnierada@kat.supermedia.pl)
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/extreme-networks.conf

##########################################################################
# $Id: extreme-networks.conf,v 1.4 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour@havas.com
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = extreme-networks.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = extreme-networks.log.*
Archive = extreme-networks.log-*

# Expand the repeats (actually just removes them now)
#*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/fail2ban.conf

###########################################################################
# $Id: fail2ban.conf,v 1.2 2006/12/15 04:53:39 bjorn Exp $
###########################################################################
# $Log: fail2ban.conf,v $
# Revision 1.2 2006/12/15 04:53:39 bjorn
# Now using ApplyEuroDate, by Willi Mann.
#
# Revision 1.1 2006/05/30 19:04:26 bjorn
# Added fail2ban service, written by Yaroslav Halchenko.
#
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

*ApplyEuroDate

LogFile = fail2ban.log
Archive = fail2ban.log.1
Archive = fail2ban.log.*.gz
Archive = fail2ban.log-*

logwatch-7.4.0+svn20130529rev144/conf/logfiles/freeradius.conf

##########################################################################
# freeradius
# Marczona
# 28.12.2011
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = freeradius/radius.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = freeradius/radius.log.*

# Expand the repeats (actually just removes them now)
#*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/http-error.conf

########################################################
# Define log file group for httpd
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = httpd/*error_log
LogFile = apache/*error.log.1
LogFile = apache/*error.log
LogFile = apache2/*error.log.1
LogFile = apache2/*error.log
LogFile = apache2/*error_log
LogFile = apache-ssl/*error.log.1
LogFile = apache-ssl/*error.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = archiv/httpd/*error_log.*
Archive = httpd/*error_log.*
Archive = apache/*error.log.*.gz
Archive = apache2/*error.log.*.gz
Archive = apache2/*error_log.*.gz
Archive = apache-ssl/*error.log.*.gz
Archive = varnish/*error.log.*.gz
Archive = archiv/httpd/*error_log-*
Archive = httpd/*error_log-*
Archive = apache/*error.log-*.gz
Archive = apache2/*error.log-*.gz
Archive = apache2/*error_log-*.gz
Archive = apache-ssl/*error.log-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate
# or use a custom time filter:
# *ApplyStdDate = "\[%a %b %d %H:%M:%S %Y\]"

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/http.conf

########################################################
# Define log file group for httpd
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = httpd/*access_log
LogFile = apache/*access.log.1
LogFile = apache/*access.log
LogFile = apache2/*access.log.1
LogFile = apache2/*access.log
LogFile = apache2/*access_log
LogFile = apache-ssl/*access.log.1
LogFile = apache-ssl/*access.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = archiv/httpd/*access_log.*
Archive = httpd/*access_log.*
Archive = apache/*access.log.*.gz
Archive = apache2/*access.log.*.gz
Archive = apache2/*access_log.*.gz
Archive = apache-ssl/*access.log.*.gz
Archive = archiv/httpd/*access_log-*
Archive = httpd/*access_log-*
Archive = apache/*access.log-*.gz
Archive = apache2/*access.log-*.gz
Archive = apache2/*access_log-*.gz
Archive = apache-ssl/*access.log-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/iptables.conf

##########################################################################
# $Id: iptables.conf,v 1.5 2007/09/25 16:44:58 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = ulogd/ulogd.syslogemu

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = ulogd/ulogd.syslogemu.*
Archive = ulogd/ulogd.syslogemu-*

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/kernel.conf

###########################################################################
# $Id: kernel.conf,v 1.2 2007/10/01 16:55:18 mike Exp $
###########################################################################
# $Log: kernel.conf,v $
# Revision 1.2 2007/10/01 16:55:18 mike
# Removed OnlyHost config in these files. It was not working correctly and has been added in the main script when it is needed. -mgt
#
# Revision 1.1 2006/03/21 03:01:34 bjorn
# Debian-specific log files, by Willi Mann.
#
###########################################################################

# kernel log file for debian-based systems

LogFile = kern.log
LogFile = kern.log.0
Archive = kern.log.*.gz
Archive = kern.log-*.gz

*ExpandRepeats
*ApplyStdDate

###########################################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
###########################################################################

logwatch-7.4.0+svn20130529rev144/conf/logfiles/maillog.conf

##########################################################################
# $Id: maillog.conf,v 1.14 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kenneth Porter
#
# Please send all comments, suggestions, bug reports,
# etc, to shiva@well.com.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = maillog
LogFile = syslog
LogFile = mail.log
LogFile = mail.log.0

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = maillog.*
Archive = syslog.*
Archive = archiv/maillog.*
Archive = mail.log.*.gz
Archive = maillog-*
Archive = syslog-*
Archive = archiv/maillog-*
Archive = mail.log-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/messages.conf

##########################################################################
# $Id: messages.conf,v 1.25 2009/06/12 14:16:06 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = messages

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = messages.*
Archive = archiv/messages.*
Archive = messages-*
Archive = archiv/messages-*

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Now, let's remove the services we don't care about at all...
# Comma separated list works best -mgt
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,NetScreen

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/mysql-mmm.conf

##########################################################################
# $Id$
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = mysql-mmm/mmm_agentd.log
LogFile = mysql-mmm/mmm_agentd.log.1
LogFile = mysql-mmm/mmm_mond.log
LogFile = mysql-mmm/mmm_mond.log.1

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = mysql-mmm/mmm_agentd.log.*.gz
Archive = mysql-mmm/mmm_mond.log.*.gz

# Keep only the lines in the proper date range...
*ApplyStdDate = "%Y/%m/%d %H:%M:%S"

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/mysql.conf

########################################################
# Logfile definition for MySQL
# File is to be placed in
# /etc/logwatch/conf/logfiles/mysql.conf
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = /var/log/mysql/mysqld.err.1
LogFile = /var/log/mysql/mysqld.err
Archive = /var/log/mysql/mysqld.err.*.gz
Archive = /var/log/mysql/mysqld.err-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

logwatch-7.4.0+svn20130529rev144/conf/logfiles/netopia.conf

##########################################################################
# $Id: netopia.conf,v 1.4 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour@havas.com
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = netopia.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = netopia.log.*
Archive = netopia.log-*

# Expand the repeats (actually just removes them now)
#*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/netscreen.conf

##########################################################################
# $Id: netscreen.conf,v 1.6 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour@havas.com
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = netscreen.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = netscreen.log.*
Archive = netscreen.log-*

# Expand the repeats (actually just removes them now)
#*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/php.conf

###############################################################################
# $Id: php.conf,v 1.1 2006/11/12 18:28:31 bjorn Exp $
###############################################################################
# $Log: php.conf,v $
# Revision 1.1 2006/11/12 18:28:31 bjorn
# New php service, by Jeremias Reith.
#
###############################################################################
# This was written and is maintained by:
# Jeremias Reith
#
# Please send all comments, suggestions, bug reports,
# etc, to jr@terragate.net and logwatch-devel@logatch.org
#
###############################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = httpd/php_log
LogFile = apache2/php_error_log.1
LogFile = apache2/php_error_log
LogFile = apache2/php_error.log.1
LogFile = apache2/php_error.log

# adjust your php.ini accordingly:
# error_log = /var/log/httpd/php_log
# log_errors = On

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = httpd/php_log.*
Archive = httpd/php_log-*
Archive = apache2/php_error_log.*
Archive = apache2/php_error_log-*
Archive = apache2/php_error.log.*
Archive = apache2/php_error.log-*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/pix.conf

##########################################################################
# $Id: pix.conf,v 1.1 2006/12/20 04:37:13 bjorn Exp $
##########################################################################
# $Log: pix.conf,v $
# Revision 1.1 2006/12/20 04:37:13 bjorn
# Config files for new service for cisco pix files.
#
##########################################################################

LogFile = pix.log
Archive = pix.log.*
Archive = pix.log-*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/postgresql.conf

# Logfile definition for PostgreSQL

#Prerequisite: if you are using stderr as PostgreSQL log_destination, you must at
#least set log_line_prefix = '%t ' in the postgresql.conf file.

# What actual file? Defaults to LogPath if not absolute path....
LogFile = postgresql/postgresql.log
LogFile = postgresql/postgresql.log.1
LogFile = postgresql/postgresql-*.log
LogFile = postgresql/postgresql-*.log.1

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = postgresql/postgresql.log.*.gz
Archive = postgresql/postgresql-*.log.*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

###########################################################################
## Please send all comments, suggestions, bug reports,
## etc, to logwatch-devel@lists.sourceforge.net
############################################################################

logwatch-7.4.0+svn20130529rev144/conf/logfiles/pureftp.conf

##########################################################################
# $Id: pureftp.conf,v 1.7 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = pureftp/syslog.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = pureftp/syslog.log.*
Archive = pureftp/syslog.log-*

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/qmail-pop3d-current.conf

##########################################################################
# $Id: qmail-pop3d-current.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
##########################################################################
# $Log: qmail-pop3d-current.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = qmail/pop3d/@*.s
LogFile = qmail/pop3d/current

# Keep only the lines in the proper date range...
*applytaidate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/qmail-pop3ds-current.conf

##########################################################################
# $Id: qmail-pop3ds-current.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
##########################################################################
# $Log: qmail-pop3ds-current.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = qmail/pop3ds/@*.s
LogFile = qmail/pop3ds/current

# Keep only the lines in the proper date range...
*applytaidate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/qmail-send-current.conf
##########################################################################
# $Id: qmail-send-current.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
##########################################################################
# $Log: qmail-send-current.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = qmail/@*.s
LogFile = qmail/current

# Keep only the lines in the proper date range...
*applytaidate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/qmail-smtpd-current.conf
##########################################################################
# $Id: qmail-smtpd-current.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
##########################################################################
# $Log: qmail-smtpd-current.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = qmail/smtpd/@*.s
LogFile = qmail/smtpd/current

# Keep only the lines in the proper date range...
*applytaidate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/resolver.conf
#############################################################################
# $Id: resolver.conf,v 1.1 2005/10/19 05:57:40 bjorn Exp $
#############################################################################
# $Log: resolver.conf,v $
# Revision 1.1 2005/10/19 05:57:40 bjorn
# dnssec and resolver scripts, written by Lindy Foster
#
#############################################################################
#Copyright (c) 2004, Sparta, Inc
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are met:
#
#* Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
#* Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
#* Neither the name of Sparta, Inc nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
#IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
#THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
#CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
#EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#############################################################################

#############################################################################
# These scripts were created as part of the dnssec-tools project.
# For more information, see http://sourceforge.net/dnssec-tools.
# Detailed instructions for setting up BIND 9.3.* to use these logwatch
# configuration files and scripts are contained in the README file
# on sourceforge.
#############################################################################

########################################################
# Define log file group for resolver
########################################################

# What actual file? Defaults to LogPath if not absolute path....
# only seems to work when log file is in /var/log
LogFile = resolver

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyBindDate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/rt314.conf
##########################################################################
# $Id: rt314.conf,v 1.7 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = netgear.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = netgear.log.*
Archive = netgear.log-*

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/samba.conf
##########################################################################
# $Id: samba.conf,v 1.12 2007/10/02 17:04:12 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = samba-log.*
LogFile = samba/*.log

#Negate hostlimit command
NoHostFilter = Yes

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/secure.conf
##########################################################################
# $Id: secure.conf,v 1.16 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = secure
LogFile = authlog
LogFile = auth.log
LogFile = auth.log.0

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = secure.*
Archive = archiv/secure.*
Archive = authlog.*
Archive = auth.log.*.gz
Archive = secure-*
Archive = archiv/secure-*
Archive = authlog-*
Archive = auth.log-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/sonicwall.conf
##########################################################################
# $Id: sonicwall.conf,v 1.7 2007/10/01 16:55:18 mike Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = sonicwall.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = sonicwall.log.*
Archive = archiv/sonicwall.log.*
Archive = sonicwall.log-*
Archive = archiv/sonicwall.log-*

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/spamassassin.conf
########################################################################
#spamassassin script for Logwatch
#
# Version: 1.0.0
# Initial release
#########################################################################

#########################################################################
# This script is subject to the same copyright as Logwatch itself
#########################################################################

#########################################################################
# Files - all shown with default paths:
#
# /usr/share/logwatch/default.conf/logfiles/spamassassin.conf (this file)
# /usr/share/logwatch/default.conf/services/spamassassin.conf
# /usr/share/logwatch/scripts/services/spamassassin
#
# ... and of course
#
# /var/log/spamassassin
#########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = maillog spamd/spamd.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = maillog[.-]* spamd/spamd.log[.-]*
Archive = maillog[.-]*.gz spamd/spamd.log[.-]*.gz

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/syslog.conf
###########################################################################
# $Id: syslog.conf,v 1.3 2009/06/12 14:16:06 mike Exp $
###########################################################################
# $Log: syslog.conf,v $
# Revision 1.3 2009/06/12 14:16:06 mike
# Change to comma separated list for RemoveService lines in syslog and message conf -mgt
#
# Revision 1.2 2007/10/01 16:55:18 mike
# Removed OnlyHost config in these files. It was not working correctly and has been added in the main script when it is needed. -mgt
#
# Revision 1.1 2006/03/21 03:01:34 bjorn
# Debian-specific log files, by Willi Mann.
#
###########################################################################

# Syslog file for debian-based systems
Logfile =
Archive =
LogFile = syslog
LogFile = syslog.0
Archive = syslog.*.gz
Archive = syslog-*.gz

*ExpandRepeats
#Comma separated list works best -mgt
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty
*ApplyStdDate

###########################################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
###########################################################################

logwatch-7.4.0+svn20130529rev144/conf/logfiles/tac_acc.conf
# What actual file? Defaults to LogPath if not absolute path....
LogFile = tac_acc.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = tac_acc.log.*
Archive = tac_acc.log-*

# Keep only the lines in the proper date range...
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/up2date.conf
##########################################################################
# $Id: up2date.conf,v 1.7 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Eric Moret
#
# Please send all comments, suggestions, bug reports,
# etc, to eric.moret@epita.fr.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = up2date

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = up2date.*
Archive = up2date-*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/vdr.conf
##########################################################################
# $Id: vdr.conf,v 1.12 2011/10/07 17:04:12 reibuehl Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Reiner Buehl
#
# Please send all comments, suggestions, bug reports,
# etc, to reiner@buehl.net.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = vdr.log
LogFile = vdr.log.0
Archive = vdr.log.*.gz

*ExpandRepeats
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/vsftpd.conf
##########################################################################
# $Id: vsftpd.conf,v 1.7 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = vsftpd.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = vsftpd.log.*
Archive = archiv/vsftpd.log.*
Archive = vsftpd.log-*
Archive = archiv/vsftpd.log-*

*ApplyStdDate =

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/windows.conf
##########################################################################
# $Id: windows.conf,v 1.2 2007/10/01 16:55:18 mike Exp $
##########################################################################

##########################################################################
# This was written and is maintained by:
# William Roumier
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
##########################################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = windows.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
# you use wildcards...
Archive = windows.log.*
Archive = windows.log.*.gz
Archive = windows.log-*
Archive = windows.log-*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyStdDate

logwatch-7.4.0+svn20130529rev144/conf/logfiles/xferlog.conf
##########################################################################
# $Id: xferlog.conf,v 1.15 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# What actual file? Defaults to LogPath if not absolute path....
LogFile = xferlog

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = xferlog.*
Archive = archiv/xferlog.*
Archive = xferlog-*
Archive = archiv/xferlog-*

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/yum.conf
# What actual file? Defaults to LogPath if not absolute path....
LogFile = yum.log

#*ApplyUSDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logfiles/zypp.conf
##########################################################################
# $Id$
##########################################################################
#
# What actual file? Defaults to LogPath if not absolute path....
LogFile = zypp/history

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
# Note: if these are gzipped, you need to end with a .gz even if
# you use wildcards...
Archive = zypp/history.*.gz

*ApplyEuroDate

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/logwatch.conf
########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
########################################################

# NOTE:
# All these options are the defaults if you run logwatch with no
# command-line arguments. You can override all of these on the
# command-line.

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /var/cache/logwatch

#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
Output = stdout
#To make Html the default formatting Format = html
Format = text
#To make Base64 [aka uuencode] Encode = base64
Encode = none

# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = root
# When using option --multiemail, it is possible to specify a different
# email recipient per host processed.
For example, to send the report
# for hostname host1 to user@example.com, use:
#Mailto_host1 = user@example.com
# Multiple recipients can be specified by separating them with a space.

# Default person to mail reports from. Can be a local account or a
# complete email address.
MailFrom = Logwatch

# if set, the results will be saved in instead of mailed
# or displayed. Be sure to set Output = file also.
#Filename = /tmp/logwatch

# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# By default this is now set to Yes. To turn off Archives uncomment this.
#Archives = No
# Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low

# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
# The default service(s) to report on. This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network"  # Prevents execution of zz-network service, which
                         # prints useful network configuration info.
Service = "-zz-sys"      # Prevents execution of zz-sys service, which
                         # prints useful system configuration info.
Service = "-eximstats"   # Prevents execution of eximstats service, which
                         # is a wrapper for the eximstats program.
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages  # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog   # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb       # PAM_pwdb messages - usually quite a bit
#Service = pam            # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option. This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages. This will run all the filters that
# process that logfile. This option is probably not too useful to
# most people. Setting 'Service' to 'All' above analyzes all LogFiles
# anyways...

#
# By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
# The mailer code prints a header with To: From: and Subject:.
# At this point you can change the mailer to anything that can handle this output
# stream.
# TODO test variables in the mailer string to see if the To/From/Subject can be set
# From here without breaking anything. This would allow mail/mailx/nail etc..... -mgt
mailer = "/usr/sbin/sendmail -t"

#
# With this option set to a comma separated list of hostnames, only log entries
# for these particular hosts will be processed. This can allow a log host to
# process only its own logs, or Logwatch can be run once per a set of hosts
# included in the logfiles.
# Example: HostLimit = hosta,hostb,myhost
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = myhost

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/

logwatch-7.4.0+svn20130529rev144/conf/services/afpd.conf
###########################################################################
# $Id: afpd.conf,v 1.5 2005/06/07 16:26:42 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "afpd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the afpd service...
*OnlyService = afpd
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/amavis.conf
###########################################################################
# $Id: amavis.conf,v 1.10 2007/05/16 04:57:16 mrc Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Amavisd-new"

# Which logfile group...
LogFile = maillog

# Specifies the global maximum detail level
#
#Detail = 10

# Only give lines pertaining to the amavis service...
#
# The variables OnlyService and amavis_Syslog_Name are regular
# expression patterns, and should both be set to match the
# amavis service name used in your syslog entries.
#*OnlyService = (usr/sbin/amavisd|dccproc)
*OnlyService = (amavis|dccproc)
*RemoveHeaders

# Set this to the service name used in amavis syslog entries
#
# Note: if you use parentheses in your regular expression, be sure it
# is cloistering and not capturing: use (?:pattern) instead of (pattern).
# $amavis_Syslog_Name = "/usr/sbin/amavisd"
$amavis_Syslog_Name = "(?:amavis|dccproc)"

#
# Set the variable below to specify the maximum report width.
# for Detail <= 10
#
$amavis_Max_Report_Width = 100

# Specifies how to handle line lengths greater than Max_Report_Width.
# Options are Truncate (default), Wrap, or Full.
# for Detail <= 10
#
$amavis_Line_Style = Truncate

# Show names of detail section variables/command line options in
# detail report titles. For command line, use --[no]sect_vars,
# without an argument.
#
$amavis_Show_Sect_Vars = No

# In reports, for tallying purposes, use (and show) only the first
# recipient when a message contains multiple recipients.
#
$amavis_Show_First_Recip_Only = No

# Include a by-contents category grouping in the summary report.
#
$amavis_Show_By_Ccat_Summary = Yes

# Amavis Timings Report
#
# Specifies the percentiles of collected data to show in the timing report.
# Valid values are from 0 to 100, inclusive.
#
$amavis_Timings_Percentiles = "0 5 25 50 75 95 100"
#
# Show top N percent of the amavis scan timings report
#
$amavis_Timings = 95

# Amavis SpamAssassin Timings Report
#
# Specifies the percentiles of collected data to show in the
# SpamAssassin timing report (requires amavis 2.6+, SA 3.3+).
# Valid values are from 0 to 100, inclusive.
#
$amavis_SA_Timings_Percentiles = "0 5 25 50 75 95 100"
#
# Show top N rows of the SpamAssassin timings report
# Requires: amavis 2.6+, SpamAssassin 3.3+
#
$amavis_SA_Timings = 100

# Spam Score Percentiles Report
#
# Specifies the percentiles shown in the spam scores frequency report.
# Valid values range from 0 to 100, inclusive. The keyword "default"
# can be used instead to reset the values to their built-in default.
#
$amavis_Score_Percentiles = "0 50 90 95 98 100"

# Spam Score Frequency Report
#
# Specifies the buckets shown in the spam scores frequency report.
# Valid values are real numbers. The keyword "default"
# can be used instead to reset the values to their built-in default.
#
$amavis_Score_Frequencies = "-10 -5 0 5 10 20 30"

# SpamAssassin Spam / Ham Rules Hit Report
#
# Specifies the number of top S spam and top H ham hits to show in the
# SpamAssassin Spam and Ham rules hit report. The value is a list
# separated by whitespace or a comma. The order is "spam,ham". The
# keyword "all" means unlimited limit, and 0 specifies none. For
# example, the value "all,10" would show all Spam rules hit, but only
# the top 10 ham rules, whereas "0,all" would prevent the Spam hit
# report, and show all the hit Ham rules.
#
$amavis_SARules = "20 20"

# Autolearn Report
#
# Shows the autolearn report when autolearn entries are present in
# amavis log entries. To make these available, the default
# $log_templ variable needs to be modified. This can be done by
# uncommenting two lines in the amavis program itself (where the
# default log templates reside), by correctly adding the $log_templ
# variable to the amavisd.conf file. See amavis' README.customize
# and the end of the amavisd program, searching for "autolearn".
$amavis_Show_Autolearn = Yes

# If available, show most recent amavis startup details
#
$amavis_Show_StartInfo = Yes

# Show the summary section. For command line, use --[no]summary,
# without an argument.
$amavis_Show_Summary = Yes

# Level Limiters
#
# The variables below control the maximum output level for a given
# category. A level of 1 indicates only one level of detailed output
# in the Detailed report section. The Summary section is only
# available at logwatch --Detail level >= 5. Increasing the Detail level
# by one adds one level of additional detail in the Summary section.
#
# For example, Detail 5 would output one additional level of detail,
# Detail 6 two levels, etc. all the way up to 10. Finally, Detail
# 11 yields uncropped lines of output.
#
# You can control the maximum number of level 1 lines by appending
# a period and a number. The value 2.10 would indicate 2 levels
# of detail, but only 10 level 1 lines. For example, setting
# $amavis_SpamBlocked = 1.20 yields a top 20 list of blocked spam.
#
# A more useful form of limiting uses triplets in the form l:n:t.
# This triplet specifies level l, top n, and minimum threshold t.
# Each of the values are integers, with l being the level limiter
# as described above, n being a top n limiter for the level l, and
# t being the threshold limiter for level l. When both n and t
# are specified, n has priority, allowing top n lists (regardless
# of threshold value). If the value of l is omitted, the
# specified values for n and/or t are used for all levels available in
# the sub-section. This permits a simple form of wildcarding (eg.
# place minimum threshold limits on all levels). However,
# specific limiters always override wildcard limiters. The first
# form of level limiter may be included in levelspec to restrict
# output, regardless of how many triplets are present.
$amavis_CleanPassed = 0
$amavis_CleanBlocked = 10
$amavis_SpamPassed = 10
$amavis_SpamBlocked = 10
$amavis_SpammyPassed = 10
$amavis_SpammyBlocked = 10
$amavis_MalwarePassed = 10
$amavis_MalwareBlocked = 10
$amavis_BannedNamePassed = 10
$amavis_BannedNameBlocked = 10
$amavis_BadHeaderPassed = 10
$amavis_BadHeaderBlocked = 10
$amavis_MTABlocked = 10
$amavis_OversizedBlocked = 10
$amavis_OtherBlocked = 10
$amavis_AVConnectFailure = 10
$amavis_AVTimeout = 10
$amavis_ArchiveExtract = 10
$amavis_BadHeaderSupp = 10
$amavis_Bayes = 10
$amavis_Blacklisted = 10
$amavis_BounceKilled = 10
$amavis_BounceRescued = 10
$amavis_BounceUnverifiable = 10
$amavis_ContentType = 10
$amavis_DccError = 10
$amavis_DefangError = 10
$amavis_Defanged = 10
$amavis_DsnNotification = 10
$amavis_DsnSuppressed = 10
$amavis_ExtraModules = 10
$amavis_FakeSender = 10
$amavis_LocalDeliverySkipped = 10
$amavis_MalwareByScanner = 10
$amavis_MalwareToSpam = 10
$amavis_MimeError = 10
$amavis_p0f = 2
$amavis_Released = 10
$amavis_SADiags = 10
$amavis_SmtpResponse = 10
$amavis_TmpPreserved = 10
$amavis_VirusScanSkipped = 1
$amavis_Warning = 10
$amavis_WarningAddressModified = 2
$amavis_WarningNoQuarantineID = 1
$amavis_WarningSecurity = 10
$amavis_WarningSmtpShutdown = 10
$amavis_WarningSQL = 10
$amavis_Whitelisted = 10

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/arpwatch.conf
##########################################################################
# $Id: arpwatch.conf,v 1.6 2005/02/24 17:05:20 kirk Exp $
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0

Title = "Arpwatch"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the arpwatch service...
*OnlyService = arpwatch
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/audit.conf
###########################################################################
# $Id: audit.conf,v 1.3 2009/06/05 13:53:19 mike Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Kernel Audit"

# Which logfile group...
LogFile = messages

# Only give lines related to the audit service
# Note that audit lines may have something like audit(1114839915.618:0)
# as the service name
# (Some implementations might not precede it with "kernel:")
*OnlyService = (kernel:( \[[ 0-9\.]+\])?)?\s*(type=[0-9]+\s*)?audit.*
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Ron Kuris
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

logwatch-7.4.0+svn20130529rev144/conf/services/automount.conf
###########################################################################
# $Id: automount.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = .
Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Automount"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the automount service...
*OnlyService = automount
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/autorpm.conf

###########################################################################
# $Id: autorpm.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "AutoRPM"

# Which logfile group...
LogFile = autorpm

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/barracuda.conf

###########################################################################
# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = .
Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = Barracuda Spam Firewall

# Which logfile group...
LogFile = maillog

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/bfd.conf

##########################################################################
# $Id: bfd.conf,v 1.1 2007/04/15 19:48:23 bjorn Exp $
##########################################################################
# $Log: bfd.conf,v $
# Revision 1.1 2007/04/15 19:48:23 bjorn
# New bfd (Brute Force Detection) service, by Andy Bolstridge.
#
##########################################################################

Title = "BFD"

# Which logfile group...
LogFile = bfd

#*RemoveHeaders =
*ApplyStdDate =

logwatch-7.4.0+svn20130529rev144/conf/services/cisco.conf

###########################################################################
# $Id: cisco.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "cisco"

# Which logfile group...
LogFile = cisco

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/citadel.conf

###########################################################################
# $Id: citadel.conf,v 1.2 2012/01/06 21:06:08 general Exp general $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Citadel"

# Which logfile group...
LogFile = citadel

# Only give lines pertaining to the citadel service...
*OnlyService = "citadel|citserver"
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Stefan Jakobs
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch at localside.net.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/clam-update.conf

#########################################################################
# clam-update script for Logwatch
# Analyzes the Clam Anti-Virus update log
#
# Version: 1.0.0
# Initial release
# Version: 1.0.1
# Minor documentation update
#
# Written by: Lars Skjærlund
#########################################################################

#########################################################################
# This script is subject to the same copyright as Logwatch itself
#########################################################################

#########################################################################
# Files - all shown with default paths:
#
# /usr/share/logwatch/default.conf/logfiles/clam-update.conf
# /usr/share/logwatch/default.conf/services/clam-update.conf (this file)
# /usr/share/logwatch/scripts/services/clam-update
#
# ... and of course
#
# /var/log/clam-update
#########################################################################

#########################################################################
# Important note:
#
# Under normal operation - ie. a detail level of 'lo' (0), no output will
# be produced if no updates have taken place. However, if no update
# attempt has been done, an alert will be output to inform you about this
# (which probably means that freshclam isn't running).
#
# If you have stopped using ClamAV and would like to get rid of the
# alert, you should delete the logfile. If there's no logfile, no alerts
# will be output - but if Logwatch finds a logfile and no update attempts
# have been made for whatever timeperiod Logwatch is analyzing, an alert
# will be output.
#########################################################################

Title = "clam-update"

# Which logfile group...
LogFile = clam-update

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/clamav-milter.conf

##################################################################
#
# clamav script ver. 0.85.1 for Logwatch.
#
# Written by S. Schimkat .
#
# Find latest version here: www.schimkat.dk/clamav
#
##################################################################

Title = "Clamav-milter"

LogFile = messages
# maillog retained for backwards compatibility, but may be deleted
# at a later time
LogFile = maillog

*OnlyService = clamav-milter
*RemoveHeaders

# To turn off unmatched output set to 1
$clamav_ignoreunmatched = 0

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/clamav.conf

##################################################################
#
# clamav script ver. 0.85.1 for Logwatch.
#
# Written by S. Schimkat .
#
# Find latest version here: www.schimkat.dk/clamav
#
##################################################################

Title = "Clamav"

# If you log to syslog, you probably want...
LogFile = messages
*applystddate
*OnlyService = clamd

# If clamd logs to a file directly, you want only...
# (comment out *OnlyService above)
#LogFile = clamav

*RemoveHeaders

# To turn off unmatched output set to 1
$clamav_ignoreunmatched = 0

# To set a detail level different from the global one, uncomment
# and set it to an appropriate number
#$clamav_detail_level = 5

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/courier.conf

###########################################################################
# ------------------------------------------------------------------------
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "courier mail services"

# Which logfile group...
LogFile = maillog

# Because the Courier Mail Server has very generic service names (pop3d
# etc.), it might sometimes be necessary to disable courier.
$courier_enable=1

#Level of Detail
# 0 (Default) only errors
#>=5 Successful deliveries, pop3 and imap connections
#>=10 For the I like -vvv people (currently not big differences)
#$courier_override_detail_level=5

# Output format
# 0 make IPtables-Like output
# 1 make nicely-formatted tables
# Default to 0 because that fits
# better with the rest of logwatch
$courier_tables=0

#Print the Output of the command mailq
$courier_PrintMailQueue=0

#0: "502 ESMTP command error",cmd: DATA or 517-Domain does not exist: boss.com.
#1: "502 ESMTP command error" or 517-Domain does not exist
#Last means of course a reduction of tables but also a loss of information.
#Currently only in Table mode
#$courier_RemoveAdditionalInfo=0

#Change this to 1 if you want to do reverse DNS lookups
$courier_ip_lookup=0

# Allows to print all unmatched lines (only useful if courier
# is the only service that logs to maillog)
#$courier_print_all_unmatched=0

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/cron.conf

###########################################################################
# $Id: cron.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Cron"

# Which logfile group...
LogFile = cron

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/denyhosts.conf

###############################################################################
# $Id: denyhosts.conf,v 1.1 2006/11/12 18:32:54 bjorn Exp $
###############################################################################
# $Log: denyhosts.conf,v $
# Revision 1.1 2006/11/12 18:32:54 bjorn
# New service denyhosts, by grubert.
#
###############################################################################

Title = "Denyhosts"

LogFile = denyhosts

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/dhcpd.conf

###########################################################################
# $Id: dhcpd.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "dhcpd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the dhcpd service...
*OnlyService = dhcpd
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/dnssec.conf

#############################################################################
# $Id: dnssec.conf,v 1.1 2005/10/19 05:57:40 bjorn Exp $
#############################################################################
# $Log: dnssec.conf,v $
# Revision 1.1 2005/10/19 05:57:40 bjorn
# dnssec and resolver scripts, written by Lindy Foster
#
#############################################################################

#Copyright (c) 2004, Sparta, Inc
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are met:
#
#* Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
#* Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
#* Neither the name of Sparta, Inc nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
#IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
#THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
#CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
#EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#############################################################################

#############################################################################
# These scripts were created as part of the dnssec-tools project.
# For more information, see http://sourceforge.net/dnssec-tools.
# Detailed instructions for setting up BIND 9.3.* to use these logwatch
# configuration files and scripts are contained in the README file
# on sourceforge.
#############################################################################

###########################################################################
# Configuration file for dnssec filter
###########################################################################

Title = "DNSSEC"

# Which logfile group...
LogFile = dnssec

logwatch-7.4.0+svn20130529rev144/conf/services/dovecot.conf

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Dovecot"

# Which logfile group...
LogFile = maillog

*OnlyService = (imap-login|pop3-login|dovecot)
*RemoveHeaders = "^\w{3} .\d \d\d:\d\d:\d\d (?:[^\s:]* )?"

# Override the default Detail level. This will only affect dovecot's report.
#$dovecot_detail = 10

# Variable $dovecot_ignore_host is used to filter out hosts that login
# successfully. This commented-out example filters out reserved local
# addresses (IETF RFC 1918 and RFC 3330).
#$dovecot_ignore_host="^\[10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\.\d\.\d\.\d\]$"

# Boolean option $dovecot_numeric is used to disable DNS lookups.
# DNS lookups are enabled by default
#$dovecot_numeric = 0

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/dpkg.conf

###########################################################################
# $Id: dpkg.conf,v 1.1 2006/12/15 04:39:22 bjorn Exp $
###########################################################################
# $Log: dpkg.conf,v $
# Revision 1.1 2006/12/15 04:39:22 bjorn
# New dpkg scripts, by Willi Mann.
#
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = dpkg status changes

# Which logfile group...
LogFile = dpkg

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/emerge.conf

##########################################################################
# $Id: emerge.conf,v 1.1 2005/02/24 17:06:07 kirk Exp $
##########################################################################

#############################################################
# This was written and is maintained by:
# Laurent DUFOUR ,
# based on the work of
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to laurent.dufour at havas.com
##############################################################

Title = "emerge"

# Which logfile group...
LogFile = emerge

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/evtapplication.conf

##########################################################################
# $Id: evtapplication.conf,v 1.1 2007/04/28 22:50:24 bjorn Exp $
##########################################################################
# $Log: evtapplication.conf,v $
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.
# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Application Event Log"

# Which logfile group...
LogFile = eventlog

# Only give lines pertaining to the kernel service...
*EventLogOnlyService = Application
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/evtsecurity.conf

##########################################################################
# $Id: evtsecurity.conf,v 1.1 2007/04/28 22:50:24 bjorn Exp $
##########################################################################
# $Log: evtsecurity.conf,v $
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Security Event Log"

# Which logfile group...
LogFile = eventlog

# Only give lines pertaining to the kernel service...
*EventLogOnlyService = security
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/evtsystem.conf

##########################################################################
# $Id: evtsystem.conf,v 1.1 2007/04/28 22:50:24 bjorn Exp $
##########################################################################
# $Log: evtsystem.conf,v $
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "System Event Log"

# Which logfile group...
LogFile = eventlog

# Only give lines pertaining to the kernel service...
*EventLogOnlyService = system
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/exim.conf

###########################################################################
# $Id: exim.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "EXIM"

# Which logfile group...
LogFile = exim

# Only give lines pertaining to the mountd service...
#*OnlyService =
#*RemoveHeaders =

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/eximstats.conf

###########################################################################
# $Id: eximstats.conf,v 1.1 2006/02/22 19:23:09 mike Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "EXIMSTATS"

# Which logfile group...
LogFile = exim

# Only give lines pertaining to the mountd service...
#*OnlyService =
#*RemoveHeaders =

# Location of eximstats executable
$eximstats = "/usr/sbin/eximstats"

########################################################
# This was written and is maintained by:
# Jeff Frost
#
# Please send all comments, suggestions, bug reports,
# etc, to jeff.frost@frostconsultingllc.com and
# logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/extreme-networks.conf

###########################################################################
# $Id: extreme-networks.conf,v 1.2 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "extreme-networks"

# Which logfile group...
LogFile = extreme-networks

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/fail2ban.conf

###########################################################################
# $Id: fail2ban.conf,v 1.1 2006/05/30 19:04:26 bjorn Exp $
###########################################################################
# $Log: fail2ban.conf,v $
# Revision 1.1 2006/05/30 19:04:26 bjorn
# Added fail2ban service, written by Yaroslav Halchenko.
#
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = fail2ban-messages

# Which logfile group...
LogFile = fail2ban

logwatch-7.4.0+svn20130529rev144/conf/services/fetchmail.conf

###########################################################################
# $Id: fetchmail $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Fetchmail"

# Which logfile group...
LogFile = maillog

*OnlyService = fetchmail
*RemoveHeaders

#Fetchmail Global ENV Variables

########################################################
# This was written and is maintained by:
# Oron Peled
#
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/freeradius.conf

##########################################################################
# freeradius conf
# Marczona 28.12.2011
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed.
Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "freeradius FKM variant"

# Which logfile group...
LogFile = freeradius

#Detail=med
#*OnlyService = radiusd
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/ftpd-messages.conf

###########################################################################
# $Id: ftpd-messages.conf,v 1.11 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "ftpd-messages"

# Which logfile group...
LogFile = messages

*OnlyService = ftpd
*RemoveHeaders

# Set this to 1 if you want to ignore unmatched FTP messages...
$ftpd_ignore_unmatched = 0

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/ftpd-xferlog.conf

###########################################################################
# $Id: ftpd-xferlog.conf,v 1.9 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed.
Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "ftpd-xferlog"

# Which logfile group...
LogFile = xferlog

# Set this to 0 to just get a summary of transfers (no details)
$detail_transfer=1

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/http-error.conf

#
# Service definition for http error log
#
# File to be placed in
# /etc/logwatch/conf/services/http-error.conf
#

Title = http errors

# Which logfile group...
LogFile = http-error

# PHP notices should be fixed
Detail = High

# Ignore all "does not exist" messages
# $ignore_not_exist_all = Yes

# Ignore "does not exist" messages with no "referer:" tag
# $ignore_not_exist_no_referer = Yes

logwatch-7.4.0+svn20130529rev144/conf/services/http.conf

###########################################################################
# Configuration file for http filter
###########################################################################

Title = "httpd"

# Which logfile group...
LogFile = http

# Define the log file format
#
# This is now the same as the LogFormat parameter in the configuration file
# for httpd. Multiple instances of declared LogFormats in the httpd
# configuration file can be declared here by concatenating them with the
# '|' character. The default, shown below, includes the Combined Log Format,
# the Common Log Format, and the default SSL log format.
#$LogFormat = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"|%h %l %u %t \"%r\" %>s %b|%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# The following is supported for backwards compatibility, but deprecated:
# Define the log file format
#
# the only currently supported fields are:
# client_ip
# request
# http_rc
# bytes_transfered
# agent
#
#$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc bytes_transfered referrer agent"
#$HTTP_FORMAT = "space space space brace quote space space quote quote"

# Define the field formats
#
# the only currently supported formats are:
# space = space delimited field
# quote = quoted ("..") space delimited field
# brace = braced ([..]) space delimited field

# Flag to ignore 4xx and 5xx error messages as possible hack attempts
#
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 0

# Ignore requests
# Note - will not do ANY processing, counts, etc... just skip it and go to
# the next entry in the log file.
# Examples:
# 1. Ignore all URLs starting with /model/ and ending with 1 to 10 digits
# $HTTP_IGNORE_URLS = ^/model/\d{1,10}$
#
# 2. Ignore all URLs starting with /model/ and ending with 1 to 10 digits and
# all URLS starting with /photographer and ending with 1 to 10 digits
# $HTTP_IGNORE_URLS = ^/model/\d{1,10}$|^/photographer/\d{1,10}$
# or simply:
# $HTTP_IGNORE_URLS = ^/(model|photographer)/\d{1,10}$

# To ignore a range of IP addresses completely from the log analysis,
# set $HTTP_IGNORE_IPS. For example, to ignore all local IP addresses:
#
# $HTTP_IGNORE_IPS = ^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\.
#

# The variable $HTTP_USER_DISPLAY defines which user accesses are displayed.
# The default is not to display user accesses:
$HTTP_USER_DISPLAY = 0
# To display access failures:
# $HTTP_USER_DISPLAY = "$field{http_rc} >= 400"
# To display all user accesses except "Unauthorized":
# $HTTP_USER_DISPLAY = "$field{http_rc} != 401"

# To raise the needed level of detail for one or more specific
# error codes to display a summary instead of listing each
# occurrence, set a variable like the following ones:
# Raise 403 codes to detail level High
#$http_rc_detail_rep_403 = 10
# Always show only summary for 404 codes
#$http_rc_detail_rep_404 = 20

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/identd.conf

###########################################################################
# $Id: identd.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "identd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to identd...
*OnlyService = identd
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/imapd.conf

###########################################################################
# ------------------------------------------------------------------------
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "IMAP"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to courier...
# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
#but you will get at least all currently supported logs
*OnlyService = (imapd|imapd-ssl|imapsd)
*RemoveHeaders =

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/in.qpopper.conf

###########################################################################
# $Id: in.qpopper.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "in.qpopper"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the in.qpopper service...
*MultiService = in.qpopper,qpopper
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kenneth Porter
#
# Please send all comments, suggestions, bug reports,
# etc, to shiva@well.com.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/init.conf

###########################################################################
# $Id: init.conf,v 1.9 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Init"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the init service...
*OnlyService = init
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/ipop3d.conf

###########################################################################
# $Id: ipop3d.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed.
Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "ipop3d"

# Which logfile group...
LogFile = maillog
LogFile = secure

*OnlyService = ipop3d
*RemoveHeaders

########################################################
# The ipop3d filter was written and is maintained by:
# Pawel Jarosz
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/iptables.conf

###########################################################################
# $Id: iptables.conf,v 1.2 2006/07/11 15:59:56 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "iptables firewall"

# Which logfile group...
LogFile = messages
LogFile = iptables

# Set this to yes to lookup IPs in kernel firewall report
$iptables_ip_lookup = No

# Set this to enable a filter on iptables/ipchains displays
# This will block out hosts who have less than the specified
# number of hits between all ports. Defaults to 0.
$iptables_host_min_count = 0

# If both of the following settings are enabled, two output lists
# will be produced. If none is set, the old style output is produced.
# Set this to generate old style output (sorted by source hosts)
#$iptables_list_by_host = 0
# Set this to generate new style output (sorted by targeted service)
#$iptables_list_by_service = 1

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/kernel.conf

###########################################################################
# $Id: kernel.conf,v 1.14 2006/01/04 21:06:53 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Kernel"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the kernel service...
*OnlyService = (kernel|SUNW,[-\w]+?)
*RemoveHeaders

# Ignore segfaults and general protection faults in the listed programs
# The value is a regular expression that the executable name is matched
# against. Separate multiple executables with |
# $ignore_faults = npviewer.bin

# Ignore Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server
# messages which often occur when kerberos tickets expire
# $ignore_rpcsec_expired = Yes

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/mailscanner.conf

###########################################################################
# $Id: mailscanner.conf,v 1.7 2006/02/22 19:52:48 mike Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "MailScanner"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the MailScanner service...
*OnlyService = MailScanner
*RemoveHeaders

#Mailscanner Global ENV Variables
$mailscanner_phishing_detail = 0
$mailscanner_phishingthreshold = 1

########################################################
# This was written and is maintained by:
# Mike Tremaine
#
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/mdadm.conf

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Mdadm"

# Which logfile group...
LogFile = messages

logwatch-7.4.0+svn20130529rev144/conf/services/mod_security2.conf

###########################################################################
# Configuration file for http mod_security2
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "ModSecurity2 (mod_security2)"

# Which logfile group...
LogFile = audit_log

logwatch-7.4.0+svn20130529rev144/conf/services/modprobe.conf

###########################################################################
# $Id: modprobe.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "ModProbe"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the modprobe service...
*OnlyService = modprobe
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/mountd.conf

###########################################################################
# $Id: mountd.conf,v 1.9 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Mountd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the mountd service...
*OnlyService = mountd
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/mysql-mmm.conf

###########################################################################
# $Id:$
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "MySQL Mulit-Master Replication Manager"

# Which logfile group...
LogFile = mysql-mmm

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/mysql.conf

#
# Service definition for MySQL error log
#

Title = mysqld

# Which logfile group...
LogFile = mysql

# Detail = High

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/named.conf

###########################################################################
# $Id: named.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Named"

# Which logfile group...
LogFile = messages

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
$named_ip_lookup = No

# Only give lines pertaining to the named service...
*OnlyService = named
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/netopia.conf

###########################################################################
# $id: netopia.conf,v 1.1 2004/09/28 01:50:15 mgt Exp $
###########################################################################

# You can put comments anywhere you want to.
They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "netopia"

# Which logfile group...
LogFile = netopia

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/netscreen.conf

###########################################################################
# $Id: netscreen.conf,v 1.3 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "netscreen"

# Which logfile group...
LogFile = netscreen

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/oidentd.conf

###########################################################################
# $Id: oidentd.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Oidentd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the oidentd service...
*OnlyService = oidentd
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/openvpn.conf

###########################################################################
# ------------------------------------------------------------------------
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to openvpn
*OnlyService = openvpn
*RemoveHeaders =

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pam.conf

###########################################################################
# $Id: pam.conf,v 1.9 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "pam"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the pam service...
*OnlyService = pam
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pam_pwdb.conf

###########################################################################
# $Id: pam_pwdb.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "PAM_pwdb"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the PAM_pwdb service...
*OnlyService = pam_pwdb
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pam_unix.conf

###########################################################################
# $Id: pam_unix.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "pam_unix"

# Which logfile group...
LogFile = messages
LogFile = secure

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/php.conf

###############################################################################
# $Id: php.conf,v 1.1 2006/11/12 18:28:31 bjorn Exp $
###############################################################################
# $Log: php.conf,v $
# Revision 1.1 2006/11/12 18:28:31 bjorn
# New php service, by Jeremias Reith.
#
###############################################################################
#
# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = php-messages

# Which logfile group...
LogFile = php

# PHP notices should be fixed
Detail = High

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pix.conf

###########################################################################
# $Id: pix.conf,v 1.1 2006/12/20 04:37:13 bjorn Exp $
###########################################################################
# $Log: pix.conf,v $
# Revision 1.1 2006/12/20 04:37:13 bjorn
# Config files for new service for cisco pix files.
#
###########################################################################

Title = "Cisco Pix"
LogFile = pix

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pluto.conf

##########################################################################
# $Id: pluto.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
##########################################################################

# This is very simple. The FreeS/WAN watcher doesn't do a whole lot.
:)

Title = "FreeS/WAN"
LogFile = secure

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pop3.conf

###########################################################################
# ------------------------------------------------------------------------
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "POP-3"

# Which logfile group...
LogFile = messages
LogFile = maillog

# Only give lines pertaining to courier...
# I'm not sure if this is complete, especially for the new webmail daemon in 0.44.1
#but you will get at least all currently supported logs
*OnlyService = (pop3d-ssl|pop3d|spop3d|tpop3d)
*RemoveHeaders =

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/portsentry.conf

###########################################################################
# $Id: portsentry.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "PortSentry"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the portsentry service...
*OnlyService = portsentry
*RemoveHeaders =

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/postfix.conf

#
# postfix.conf / postfix-logwatch.conf
#
# This is the postfix-logwatch configuration file.

# Lines in this file are of the format:
#
# VAR = VALUE
# *VAR = VALUE
# $VAR = VALUE
#
# Whitespace surrounding the = assignment character is removed. Variable names
# and values are case insensitive. Double quotes can be used to preserve case and
# whitespace.
#
# Variables beginning with a * are used only by logwatch.
# Variables beginning with a $ are used only by the postfix-logwatch filter.
# Variables beginning with neither * nor $ are used only by logwatch, with the
# exception of the Detail variable which is passed via environment to the
# postfix-logwatch filter.
#
# Any of the equivalent boolean values below may be used where appropriate:
#
# 1, Yes, True, On
# 0, No, False, Off
#
# Lines that begin with a # are comment lines. Blank and whitespace lines
# are ignored. Whitespace at the beginning and end of a line is ignored.

# Specifies the title used in the logwatch report
#
Title = "Postfix"

# Specifies the logwatch logfile group
#
LogFile = maillog

# Specifies the global, maximum detail level
#
#Detail = 10

# The *OnlyService selector is used solely by logwatch to select log lines
# to pass to the postfix-logwatch filter. And postfix-logwatch uses the
# $postfix_Syslog_Name variable for log line selection.
#
# When used in logwatch, both the *OnlyService and $postfix_Syslog_Name
# variables below should contain essentially the same REs so that lines passed
# by logwatch are also selected by postfix-logwatch. Note that *OnlyService
# also includes the / (eg. postfix/smtpd).
#
# If you change postfix's syslog_name for any postfix service, you will need to
# replace "postfix" below with an appropriate RE to capture the desired log entries.
# Do likewise for *OnlyService above when used under logwatch. For example, the
# settings:
#
# *OnlyService = "postfix\d?/[-a-zA-Z\d]*"
# $postfix_Syslog_Name = "postfix\d?"
#
# will capture postfix/smtpd, postfix2/virtual, ..., postfix9/cleanup
#
# Note: If you use parentheses in your regular expression, be sure they
# are cloistering and not capturing: use (?:pattern) instead of (pattern).
#
# Performance Note:
# If you do not wish to analyze any or all of postgrey, postfwd, or policyd-spf
# consider simplifying $postfix_Syslog_Name to increase log scanning performance. The
# more complex the RE, the longer the scan time to select/reject a log line. The
# difference in scan times between the simple string 'postfix' and the more complex
# alternation RE that includes postfix, postgrey, postfwd and policyd-spf is about 40%.
#
# Includes: postfix/smtpd, etc, postfix/policy-spf
#*OnlyService = "postfix/[-\w]*"
#$postfix_Syslog_Name = "postfix"

# Includes: postfix/smtpd, etc, postfix/policy-spf, postgrey, postfwd, policyd-spf
*OnlyService = "(?:post(?:fix|grey|fwd)|policyd-spf)(?:/[-\w]*)?"
$postfix_Syslog_Name = "(?:post(?:fix|grey|fwd)|policyd-spf)"

# Ignored postfix services
#
# Ignores postfix services postfix/SERVICE, where SERVICE is an RE
# pattern. The example below will ignore log lines whose syslog
# name is "postfix/myservice".
#$postfix_Ignore_Service = "myservice"

# Specifies the maximum report width for Detail <= 10,
# or when postfix_Line_Style is not set to Truncate
#
$postfix_Max_Report_Width = 100

# Specifies how to handle line lengths greater than Max_Report_Width.
# Options are Truncate (default), Wrap, or Full.
# for Detail <= 10
#
$postfix_Line_Style = Truncate

# Set the variable below to the value set for "recipient_delimiter"
# in your postfix configuration, if you want your recipient email
# addresses split into their user + extension.
#
#$postfix_Recipient_Delimiter = "+"

# Width of IP addresses for columnar output. Change to 40 for IPv6 addresses
#$postfix_ipaddr_width = 40
$postfix_ipaddr_width = 15

# Switch to use Postfix 2.8 long queue IDs:
# Postfix option: enable_long_queue_ids
$postfix_Enable_Long_Queue_Ids = No

# Show delays percentiles report. For command line, use --[no]delays,
# without an argument.
#
$postfix_Show_Delays = Yes

# Show names of detail section variables/command line options in
# detail report titles. For command line, use --[no]sect_vars,
# without an argument.
#
$postfix_Show_Sect_Vars = No

# Show the postfix-reported hostname of 'unknown' in formatted
# ip/hostname pairs. For command line, use --[no]unknown,
# without an argument.
#
$postfix_Show_Unknown = Yes

# Show the summary section. For command line, use --[no]summary,
# without an argument.
$postfix_Show_Summary = Yes

# Specifies the percentiles shown in the delivery delays report
# Valid values are from 0 to 100, inclusive.
$postfix_Delays_Percentiles = "0 25 50 75 90 95 98 100"

# Specifies the list of reject sections that will be output in
# reports (eg. 5xx permanent or 4xx temporary failures).
# Each entry in the comma or whitespace separated list consists of 3
# characters, where the first is either 4 or 5, and second and third
# are a digit or a dot "." match-anything character. Also allowed is
# the keyword "Warn" (which is used for postfix "warn_if_reject" rejects).
# In PCRE (perl regular expression) terms, any pattern that matches:
#
# ^([45][0-9.][0-9.]|Warn)$
#
# is acceptable.
#
# Typical reject codes:
#
# 421 Service not available, closing transmission channel
# 450 Requested mail action not taken: mailbox unavailable
# 451 Requested action aborted: local error in processing
# 452 Requested action not taken: insufficient system storage
#
# 500 Syntax error, command unrecognized
# 501 Syntax error in parameters or arguments
# 502 Command not implemented
# 503 Bad sequence of commands
# 504 Command parameter not implemented
# 550 Requested action not taken: mailbox unavailable
# 551 User not local; please try
# 552 Requested mail action aborted: exceeded storage allocation
# 553 Requested action not taken: mailbox name not allowed
# 554 Transaction failed
#
# Specific codes take priority over wildcard patterns. The default list
# is: "5.. 4.. Warn".
#
# See also the various Reject... level limiters below
#
$postfix_Reject_Reply_Patterns = "5.. 4.. Warn"

# Level Limiters
#
# The variables below control the maximum output level for a given
# category. A level of 1 indicates only one level of detailed output in
# the Detailed report section. The Summary section is only available
# at logwatch --Detail level >= 5. Increasing the Detail level
# by one adds one level of additional detail in the Summary section.
#
# For example, Detail 5 would output one additional level of detail,
# Detail 6 two levels, etc. all the way up to 10. Finally, Detail
# 11 yields uncropped lines of output.
#
# You can control the maximum number of level 1 lines by appending
# a period and a number. The value 2.10 would indicate 2 levels
# of detail, but only 10 level-1 lines. For example, setting
# $postfix_Sent = 1.20 yields a top 20 list of Messages Sent.
#
# A more useful form of limiting uses triplets in the form l:n:t.
# This triplet specifies level l, top n, and minimum threshold t.
# Each of the values are integers, with l being the level limiter
# as described above, n being a top n limiter for the level l, and
# t being the threshold limiter for level l. When both n and t
# are specified, n has priority, allowing top n lists (regardless
# of threshold value). If the value of l is omitted, the specified
# values for n and/or t are used for all levels available in
# the sub-section. This permits a simple form of wildcarding (eg.
# place minimum threshold limits on all levels). However, specific
# limiters always override wildcard limiters. The first
# form of level limiter may be included in levelspec to restrict
# output, regardless of how many triplets are present.

$postfix_Sent = 1
$postfix_SentLmtp = 1
$postfix_Delivered = 1
$postfix_Forwarded = 1
$postfix_ConnectionLostInbound = 1
$postfix_TimeoutInbound = 1
$postfix_ConnectToFailure = 2

# Disabled by default to reduce noise and consume less memory.
# Enable at will
$postfix_EnvelopeSenders = 0
$postfix_EnvelopeSenderDomains = 0
$postfix_ConnectionInbound = 0

# Reject by IP report
$postfix_ByIpRejects = 0

$postfix_PanicError = 10
$postfix_FatalError = 10
$postfix_Error = 10

# warnings
$postfix_Anvil = 3
$postfix_AttrError = 10
$postfix_CommunicationError = 10
$postfix_DatabaseGeneration = 10
$postfix_DNSError = 10
$postfix_HeloError = 10
$postfix_HostnameValidationError = 10
$postfix_HostnameVerification = 10
$postfix_IllegalAddrSyntax = 10
$postfix_LdapError = 10
$postfix_MailerLoop = 10
$postfix_MapProblem = 10
$postfix_MessageWriteError = 10
$postfix_NumericHostname = 10
$postfix_ProcessExit = 10
$postfix_ProcessLimit = 10
$postfix_QueueWriteError = 10
$postfix_RBLError = 10
$postfix_SaslAuthFail = 10
$postfix_SmtpConversationError = 10
$postfix_StartupError = 10
$postfix_WarningsOther = 10

# Common access control actions
$postfix_Bcced = 10
$postfix_Discarded = 10
$postfix_Filtered = 10
$postfix_Hold = 10
$postfix_Prepended = 10
$postfix_Redirected = 10
$postfix_Replaced = 10
$postfix_Warned = 10
# DUNNO action not logged
# IGNORE action not logged
# REJECT actions are below

# Rejects
# The following are generic reject types, which are automatically
# expanded into each reject variant, based on the reply patterns
# listed in Reject_Reply_Patterns. By default, each item in the
# list below becomes 4xxReject..., 5xxReject..., and WarnReject...
$postfix_RejectBody = 10
$postfix_RejectClient = 10
$postfix_RejectConfigError = 10
$postfix_RejectContent = 10
$postfix_RejectData = 10
$postfix_RejectEtrn = 10
$postfix_RejectHeader = 10
$postfix_RejectHelo = 10
$postfix_RejectInsufficientSpace = 10
$postfix_RejectLookupFailure = 10
$postfix_RejectMilter = 10
$postfix_RejectProxy = 10
$postfix_RejectRBL = 10
$postfix_RejectRecip = 10
$postfix_RejectRelay = 10
$postfix_RejectSender = 10
$postfix_RejectSize = 10
$postfix_RejectUnknownClient = 10
$postfix_RejectUnknownReverseClient = 10
$postfix_RejectUnknownUser = 10
$postfix_RejectUnverifiedClient = 3
$postfix_RejectVerify = 10

# For more precise control, you can comment out any of the reject
# types above and specify each variant manually, but the list must
# be consistent with the values specified in Reject_Reply_Patterns.
#
# For example, you could comment out $postfix_RejectHelo above, and
# instead uncomment the three RejectHelo variants, allowing you to
# specify different level limiters to each variant:
#
# Permanent 5xx variant
# $postfix_5xxRejectHelo = 1
# Temporary 4xx variant
# $postfix_4xxRejectHelo = 2
# Warn_if_reject variant
# $postfix_WarnRejectHelo = 2
#

$postfix_Deferred = 10
$postfix_Deferrals = 10
$postfix_BounceLocal = 10
$postfix_BounceRemote = 10
$postfix_Discarded = 10
$postfix_ReturnedToSender = 10
$postfix_NotificationSent = 10
$postfix_ConnectionLostOutbound = 10

$postfix_Deliverable = 10
$postfix_Undeliverable = 10

$postfix_PixWorkaround = 10
$postfix_SaslAuth = 10
$postfix_TlsServerConnect = 10
$postfix_TlsClientConnect = 10
$postfix_TlsUnverified = 10
$postfix_TlsOffered = 10
$postfix_SMTPProtocolViolation = 10

$postfix_Postscreen = 1
$postfix_DNSBLog = 1

$postfix_PolicySPF = 10
$postfix_PolicydWeight = 10
$postfix_Postgrey = 10

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/postgresql.conf

# Service definition for PostgreSQL error log

# You can put comments anywhere you want to. They are effective for the
# rest of the line.
#
# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
#
# Yes = True = On = 1
# No = False = Off = 0

Title = "PostgreSQL"

# Which logfile group...
LogFile = postgresql

# Set it to High to also report HINT and WARNING log lines.
# By default it will report PANIC, FATAL and ERROR lines.
#Detail = High

###########################################################################
## Please send all comments, suggestions, bug reports,
## etc, to logwatch-devel@lists.sourceforge.net
############################################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pound.conf

###########################################################################
# pound.conf
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "pound"

# Which logfile group...
LogFile = messages

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
$pound_ip_lookup = Yes

# Only give lines pertaining to the named service...
*OnlyService = pound
*RemoveHeaders =

########################################################
# This was written and is maintained by:
# luuk
#
# Please send all comments, suggestions, bug reports,
# etc, to luuk@planet.nl.
#
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/proftpd-messages.conf

###########################################################################
# $Id: proftpd-messages.conf,v 1.9 2007/03/20 18:02:02 mike Exp $
###########################################################################

# This is for the ProFTPD daemon, if you have it on your system
# If you don't it won't hurt anything.

# You can put comments anywhere you want to.
# They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "proftpd-messages"

# Which logfile group...
LogFile = messages
LogFile = secure

*OnlyService = proftpd
*RemoveHeaders

# Set this to 1 if you want to ignore unmatched FTP messages...
$ftpd_ignore_unmatched = 0

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/puppet.conf

###########################################################################
# $Id: cron.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Puppet"

# Which logfile group...
LogFile = syslog
LogFile = messages

*OnlyService = puppet(d|-agent)
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/pureftpd.conf

###########################################################################
# $Id: pureftpd.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "pureftp"

# Which logfile group...
LogFile = pureftp

*OnlyService = pure-ftpd
*RemoveHeaders =

# Should we show some details?
$show_logins = 0
$show_logouts = 0

# This can get rather large, it details files which were uploaded or downloaded
# by who, and where from.
$show_data_transfers = 0

# How many connections did we get?
# This only shows where it came from and how many per ip / host.
$show_new_connections = 0

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/qmail-pop3d.conf

###########################################################################
# $Id: qmail-pop3d.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
###########################################################################
# $Log: qmail-pop3d.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
###########################################################################
# for use with multilog

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed.
# Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "qmail-pop3"

# Which logfile group...
LogFile = qmail-pop3d-current

# Only give lines pertaining to the qmail service...
#*OnlyService = qmail
*RemoveHeaders =

# This sets whether to display counts of emails from each user & to each user.
# Will make rather a large log file if run on a primary mail server.
# Set either 0 or 1
$qmail_high_detail = 1

# Threshold controls the minimum number for:
# "From this server" ($from_threshold)
# "To Remote Server" ($remote_threshold)
# "To Local Server" ($local_threshold)
# Threshold is a global variable.
# These are only used IF you have $qmail_high_detail set to 1
$threshold = 10

# From threshold is a minimum for the number of emails people send out.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$from_threshold =

# Remote threshold is a minimum for the number of emails that go to a remote server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$to_threshold =

logwatch-7.4.0+svn20130529rev144/conf/services/qmail-pop3ds.conf

###########################################################################
# $Id: qmail-pop3ds.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
###########################################################################
# $Log: qmail-pop3ds.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
###########################################################################
# for use with multilog

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed.
# Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "qmail-pop3s"

# Which logfile group...
LogFile = qmail-pop3ds-current

# Only give lines pertaining to the qmail service...
#*OnlyService = qmail
*RemoveHeaders =

# This sets whether to display counts of emails from each user & to each user.
# Will make rather a large log file if run on a primary mail server.
# Set either 0 or 1
$qmail_high_detail = 1

# Threshold controls the minimum number for:
# "From this server" ($from_threshold)
# "To Remote Server" ($remote_threshold)
# "To Local Server" ($local_threshold)
# Threshold is a global variable.
# These are only used IF you have $qmail_high_detail set to 1
$threshold = 10

# From threshold is a minimum for the number of emails people send out.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$from_threshold =

# Remote threshold is a minimum for the number of emails that go to a remote server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$to_threshold =

logwatch-7.4.0+svn20130529rev144/conf/services/qmail-send.conf

###########################################################################
# $Id: qmail-send.conf,v 1.1 2005/09/07 00:37:59 bjorn Exp $
###########################################################################
# $Log: qmail-send.conf,v $
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
###########################################################################
# for use with multilog

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed.
# Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "qmail-send"

# Which logfile group...
LogFile = qmail-send-current

# Only give lines pertaining to the qmail service...
#*OnlyService = qmail
*RemoveHeaders =

# This sets whether to display counts of emails from each user & to each user.
# Will make rather a large log file if run on a primary mail server.
# Set either 0 or 1
$qmail_high_detail = 1

# Threshold controls the minimum number for:
# "From this server" ($from_threshold)
# "To Remote Server" ($remote_threshold)
# "To Local Server" ($local_threshold)
# Threshold is a global variable.
# These are only used IF you have $qmail_high_detail set to 1
$threshold = 10

# From threshold is a minimum for the number of emails people send out.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$from_threshold =

# Remote threshold is a minimum for the number of emails that go to a remote server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$remote_threshold =

# Local threshold is a minimum for the number of emails that go to this local server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$local_threshold =

logwatch-7.4.0+svn20130529rev144/conf/services/qmail-smtpd.conf

###########################################################################
# $Id: qmail-smtpd.conf,v 1.3 2007/01/29 19:09:51 bjorn Exp $
###########################################################################
# $Log: qmail-smtpd.conf,v $
# Revision 1.3 2007/01/29 19:09:51 bjorn
# Handle log entries from simscan v1.2 or later, and improved output report,
# by Bob Hutchinson.
#
# Revision 1.2 2005/09/07 15:20:21 bjorn
# Added badmailfrom/badmailto, by Bob Hutchinson
#
# Revision 1.1 2005/09/07 00:37:59 bjorn
# New qmail multilog files written by Bob Hutchinson
#
###########################################################################
# for use with multilog

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "qmail-smtp"

# Which logfile group...
LogFile = qmail-smtpd-current

# Only give lines pertaining to the qmail service...
#*OnlyService = qmail
*RemoveHeaders =

# This sets whether to display counts of emails from each user & to each user.
# Will make rather a large log file if run on a primary mail server.
# Set either 0 or 1
$qmail_high_detail = 1

# Threshold controls the minimum number for all thresholds:
# Threshold is a global variable.
# These are only used IF you have $qmail_high_detail set to 1
$threshold = 1

# From threshold is a minimum for the number of emails people send out.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$from_threshold =

# Remote threshold is a minimum for the number of emails that go to a remote server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$to_threshold =

# rbl
$blocked_threshold =

# chkuser
# display = 1 , switch off = 0
$show_chkuser_rejects = 1
$chkuser_rejects_from_threshold =
$chkuser_rejects_to_threshold =
$chkuser_rejects_remote_threshold =
$chkuser_rejects_reason_threshold =

# display = 1 , switch off = 0
$show_chkuser_rejects_relay = 1
$chkuser_rejects_relay_from_threshold =
$chkuser_rejects_relay_to_threshold =
$chkuser_rejects_relay_remote_threshold =

# display = 1 , switch off = 0
$show_chkuser_accepts = 1
$chkuser_accepts_from_threshold =
$chkuser_accepts_to_threshold =

# display = 1 , switch off = 0
$show_chkuser_accepts_relay = 1
$chkuser_accepts_relay_from_threshold =
$chkuser_accepts_relay_to_threshold =

# display = 1 , switch off = 0
$show_chkuser_other = 1
$chkuser_noauthresource_threshold =
$chkuser_overquota_threshold =
$chkuser_rejected_intrusion_threshold =

# display = 1 , switch off = 0
$show_chkuser_accepted_sender = 1
$chkuser_accepted_sender_from_threshold =
$chkuser_accepted_sender_remote_threshold =
$chkuser_accepted_null_sender_remote_threshold =

# display = 1 , switch off = 0
$show_chkuser_rejected_sender = 1
$chkuser_rejected_sender_from_threshold =
$chkuser_rejected_sender_remote_threshold =
$chkuser_rejected_sender_reason_threshold =

# simscan
$simscan_threshold =
$simscan_from_threshold =
$simscan_to_threshold =
$simscan_attach_threshold =
$simscan_regex_threshold =

# passthru
$show_simscan_passthru = 1
$simscan_passthru_ip_from_threshold =
$simscan_passthru_from_threshold =
$simscan_passthru_to_threshold =

# spam_reject
$show_simscan_spam_reject = 1
$simscan_spam_reject_ip_from_threshold =
$simscan_spam_reject_from_threshold =
$simscan_spam_reject_to_threshold =

# spam_dropped
$show_simscan_spam_dropped = 1
$simscan_spam_dropped_ip_from_threshold =
$simscan_spam_dropped_from_threshold =
$simscan_spam_dropped_to_threshold =

# badmail
$badmailto_ip_threshold =
$badmailto_email_threshold =
$badmailfrom_ip_threshold =
$badmailfrom_email_threshold =

# 1 or 0
$ignoreunmatched = 0

logwatch-7.4.0+svn20130529rev144/conf/services/qmail.conf

###########################################################################
# $Id: qmail.conf,v 1.6 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "qmail"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the qmail service...
*OnlyService = qmail
*RemoveHeaders =

# This sets whether to display counts of emails from each user & to each user.
# Will make rather a large log file if run on a primary mail server.
# Set either 0 or 1
$qmail_high_detail = 0

# Threshold controls the minimum number for:
# "From this server" ($from_threshold)
# "To Remote Server" ($remote_threshold)
# "To Local Server" ($local_threshold)
# Threshold is a global variable.
# These are only used IF you have $qmail_high_detail set to 1
$threshold = 4

# From threshold is a minimum for the number of emails people send out.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$from_threshold = 6

# Remote threshold is a minimum for the number of emails that go to a remote server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$remote_threshold = 2

# Local threshold is a minimum for the number of emails that go to this local server.
# This will over-ride threshold for this value.
# If it is not set, the global $threshold is used. Set to 0 for all.
$local_threshold = 7

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/raid.conf

Title = "Raid"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the kernel service...
*OnlyService = kernel

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/resolver.conf

#############################################################################
# $Id: resolver.conf,v 1.1 2005/10/19 05:57:40 bjorn Exp $
#############################################################################
# $Log: resolver.conf,v $
# Revision 1.1 2005/10/19 05:57:40 bjorn
# dnssec and resolver scripts, written by Lindy Foster
#
#############################################################################
#Copyright (c) 2004, Sparta, Inc
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are met:
#
#* Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
#* Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
#* Neither the name of Sparta, Inc nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
#IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
#THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
#PURPOSE ARE DISCLAIMED.
#IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
#CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
#EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#############################################################################

#############################################################################
# These scripts were created as part of the dnssec-tools project.
# For more information, see http://sourceforge.net/dnssec-tools.
# Detailed instructions for setting up BIND 9.3.* to use these logwatch
# configuration files and scripts are contained in the README file
# on sourceforge.
#############################################################################

###########################################################################
# Configuration file for resolver filter
###########################################################################

Title = "Resolver"

# Which logfile group...
LogFile = resolver

logwatch-7.4.0+svn20130529rev144/conf/services/rt314.conf

#############################################################################
# $Id: rt314.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
#############################################################################

Title = "RT314"
LogFile = rt314

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/samba.conf

###########################################################################
# $Id: samba.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "samba"

# Which logfile group...
LogFile = samba

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/saslauthd.conf

###########################################################################
# $Id: saslauthd.conf,v 1.2 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed.
# Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = SASL Auth Daemon

# Which logfile group...
LogFile = secure

# Only give lines pertaining to the postfix service...
*OnlyService = "saslauthd\[\d+\]"
*RemoveHeaders =

########################################################
# This was written and is maintained by:
#
# Please send all comments, suggestions, bug reports,
#
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/scsi.conf

###########################################################################
# $Id: scsi.conf,v 1.1 2005/05/21 23:11:51 bjorn Exp $
###########################################################################
# $Log: scsi.conf,v $
# Revision 1.1 2005/05/21 23:11:51 bjorn
# Submitted by Benjamin Baudoux.
#
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0

Title = "Kernel module scsi"

LogFile = messages
*OnlyService = scsi
*RemoveHeaders

########################################################
# This was written and is maintained by:
# cadtool@stepmind.com
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/secure.conf

###########################################################################
# $Id: secure.conf,v 1.14 2006/10/20 16:53:21 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Connections (secure-log)"

# Which logfile group...
LogFile = secure

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
$secure_ip_lookup = No

# Use this to ignore certain services in the secure log.
# You can ignore as many services as you would like.
# (we ignore sshd because its entries are processed by the sshd script)
$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd

# For these services, summarize only (i.e.
# don't list each IP, just
# list the number of connections total)
#$summarize_connections = ftp

# Use secure_[servicename] to add a floor to the output
# Example: this limits the output to only pop3 connects greater than 500
#$secure_pop3 = 500

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sendmail-largeboxes.conf

###########################################################################
# $Id: sendmail-largeboxes.conf,v 1.5 2005/12/07 19:22:29 bjorn Exp $
###########################################################################

# This displays a warning for large mailboxes
# Best solution would be to have a config setting for what the
# server administrator considers as "large". Hard coded to consider 40Mb+
# as large.

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

# service title
Title = "sendmail-largeboxes (large mail spool files)"

# Which logfile group...
LogFile = NONE

# Mailbox size threshold
# can add units KB, MB, GB, TB
# can set to 0 to report spool files being created where they shouldn't
$sendmail_largeboxes_size = 40MB

########################################################
# This was written and is maintained by:
# Colin Smith
#
# Please send all comments, suggestions, bug reports,
# etc, to Colin.Smith@fantasie.org.uk
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sendmail.conf

###########################################################################
# $Id: sendmail.conf,v 1.14 2005/11/30 23:58:59 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "sendmail"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the sendmail service...
*MultiService = sendmail,sm-mta
*RemoveHeaders

# Previous versions of sendmail.conf allowed for the use of the
# $Sendmail_Detail variable. Because now all services have use
# of the Detail variable, $Sendmail_Detail is deprecated, and may
# be removed in a future version of the sendmail filter script.
# How Detail affects the output of sendmail is described here:
#
# The Detail is used to override the general logwatch Detail
# parameter that is set either when invoking logwatch (option --detail)
# or specified in the conf/logwatch.conf file, in the variable Detail.
# If not specified, the default is to inherit the value of the general
# logwatch Detail setting.
#
# Example:
#Detail = 5
#
# The defined values of Detail are as follows:
# Detail >= 0: Will print:
# - severe errors and basic statistics
# Detail >= 3: Print above plus:
# - counts of errors handled by sendmail
# Detail >= 5: Print above plus:
# - details of errors handled by sendmail
# Detail >= 10: Print above plus:
# - all statistics gathered

# Note that Detail is independent of sendmail's LogLevel.
# The logwatch script should be able to handle any logging level
# set in sendmail (either through confLOG_LEVEL in the *.mc files
# or through LogLevel in the *.cf files). The default setting is
# usually a LogLevel of 9. At level 15, for example, SMTP
# transactions are logged, and the logwatch script extracts additional
# information. Levels above 15 generate additional debug information,
# which is filtered by the logwatch script. Therefore, setting higher
# levels of LogLevel will yield larger mail log files, may provide
# additional parsed information in the logwatch log, but should not
# cause new unmatched entries.

# All sendmail log statements that start with "DEBUG: " will be filtered.
# This may be used for user-defined statements that should appear on the log,
# but not reported by logwatch.

# $Sendmail_PrettyHost is used to format host entries in a tabular
# format. It is mostly useful when you have a very large number of
# entries for errors that display host names/addresses. If not
# specified, the default is 0, which indicates that no additional
# host formatting is done. Set to 1 to enable the host formatting.
#$Sendmail_PrettyHost = 0

# The following are examples of the use of variables $Sendmail_MatchFilter,
# $Sendmail_ReportFilter, and $Sendmail_MilterHeadersToCount.
# To uncomment and use these specific examples, remember to remove the '#'
# from the first column. And of course, you can write your own filters.
# Note that unlike the statements in the sendmail script, you must end
# each line (except the last one) with a \ to denote a continuation line

#$Sendmail_MatchFilter = " \
#   # filter and count how many times the alias database is rebuilt \
#   if ( ($User) = ($ThisLine =~ /^alias database .* rebuilt by (.*)/ ) ) { \
#      $DatabaseBuild{$User}++; \
#      # note that we don't need to re-assign an empty string to $ThisLine \
#      # because the 'alias database' line is then ignored by the \
#      # scripts/services/sendmail script. \
#   } \
#   \
#   # here we'll choose to ignore and not report the 'lost input channel' \
#   # statements \
#   if ( $ThisLine =~ /^lost input channel from/ ) { \
#      # we re-assign an empty string to $ThisLine to prevent further \
#      # processing of this log line by the sendmail script. \
#      $ThisLine = ""; \
#   }"

#$Sendmail_ReportFilter = " \
#   if (keys %DatabaseBuild) { \
#      print "\n\nDatabase re-built by:"; \
#      foreach $User (keys %DatabaseBuild) { \
#         print "\n $User: $DatabaseBuild{$User} Time(s)"; \
#      } \
#   }"

# The $Sendmail_MilterHeadersToCount will count every header added with
# one (or more) of the specified strings. Each string is specified by
# delimiting it with a vertical bar, and is counted separately:
$Sendmail_MilterHeadersToCount = "X-SPF|X-Spam|X-Scanned-By: MIMEDefang|Received-SPF: fail|Received-SPF: softfail"

#########################################################
# Sendmail Threshold values.
# These allow you to configure the output and restrict verbose reports
# by limiting what is printed to occurrences >= the value you enter.
#
# Note that case is insensitive.
#Sendmail Config Values
$sendmail_mailbomblistthreshold = 25
$sendmail_mailbombthreshold = 10
$sendmail_unresolveddomainsthreshold = 1
$sendmail_knownspammerthreshold = 1
$sendmail_relaydeniedthreshold = 1
$sendmail_checkmailrejectthreshold = 1
$sendmail_checkrcptrejectthreshold = 1
$sendmail_lostinputchannelthreshold = 1
$sendmail_dummyconnectionthreshold = 1
$sendmail_unknownhoststhreshold = 1
$sendmail_unknownusersthreshold = 1
$sendmail_domainerrorsthreshold = 1
$sendmail_pregreetingthreshold = 1
$sendmail_collecterrorthreshold = 1
$sendmail_timeoutthreshold = 1
$sendmail_blackholethreshold = 1
#Set this to Null to suppress the Top 10 Email Addresses
$sendmail_tolistthreshold = 10

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/shaperd.conf

###########################################################################
# $Id: shaperd.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Shaperd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the shaperd service...
*OnlyService = shaperd\d
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/slon.conf

###########################################################################
# $Id: slon.conf,v 1.2 2005/10/31 16:21:20 bjorn Exp $
###########################################################################
# $Log: slon.conf,v $
# Revision 1.2 2005/10/31 16:21:20 bjorn
# Updates to paths to reflect new Filesystem Hierarchy Standard,
# by Ivana Varekova.
#
# Revision 1.1 2005/09/27 21:51:25 bjorn
# New slon service by Jeff Frost
#
###########################################################################
# This config file assumes that slon is
# logging to /var/log/messages, if not, you need to
# update the /usr/share/logwatch/default.conf/services/slon.conf and
# possibly add a new entry in /usr/share/logwatch/default.conf/logfiles
#
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "slon"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the slon service...
*OnlyService = slon
*RemoveHeaders

logwatch-7.4.0+svn20130529rev144/conf/services/smartd.conf

###########################################################################
# $Id: smartd.conf,v 1.4 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.
# Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Smartd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the smartd service...
*OnlyService = smartd
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sonicwall.conf

###########################################################################
# $Id: sonicwall.conf,v 1.2 2006/01/31 20:12:24 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "sonicwall"

# Which logfile group...
LogFile = sonicwall
LogFile = messages

# sonicwall does not print a service name, but it does tag its line with
# "id=firewall"
*OnlyService = id=firewall

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/spamassassin.conf

##################################################################
# SpamAssassin spamd logs #
##################################################################

Title = "SpamAssassin"
LogFile = spamassassin

# Pull in sendmail for matching msgid to sender for statistics
*OnlyService = (spamd|sendmail)
*RemoveHeaders

# Ignore connections from these hosts.
# The value is a regular expression that the hostname plus IP address is matched
# against. Separate multiple hosts/IPs with |
# $ignore_connections = myspamclient.mydomain

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sshd.conf

###########################################################################
# $Id: sshd.conf,v 1.18 2007/04/15 20:59:02 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "SSHD"

# Which logfile group...
LogFile = secure
LogFile = messages

# Only give lines pertaining to the sshd service...
*OnlyService = sshd
*RemoveHeaders

# Variable $sshd_ignore_host is used to filter out hosts that login
# successfully. This commented-out example filters out reserved local
# addresses (IETF RFC 1918 and RFC 3330).
#$sshd_ignore_host="^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\."

# The refused connections report lists every ip that is refused even if
# it was only refused 1 or 2 times. In a case like that I don't care
# to see the information. It is just noise. I want to know when
# a connection has been refused 10, 20, 30 times because that is an
# indication of an attack or a problem.
# Set this variable to a positive integer to trim out the lower count
# refused connections from the report. i.e. 10 would not show any hosts
# with less than 10 refusals.
# This has no effect if the $Detail variable is greater than 5.
#$refused_connections_threshold = 10

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sshd2.conf

###########################################################################
# $Id: sshd2.conf,v 1.7 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Sshd2"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the sshd2 service...
*OnlyService = sshd2
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/stunnel.conf

##########################################################################
# $Id: stunnel.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed.
# Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "stunnel"

# Which logfile group...
LogFile = secure

# Reduce output for allowed services
# all services listed comma separated in the following variable will be
# summarized to "how often was this service used"
$STUNNEL_ALLOWED_SERVICES = ""

*OnlyService = stunnel
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/sudo.conf

###########################################################################
# $Id: sudo.conf,v 1.8 2006/09/13 04:00:43 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Sudo (secure-log)"

# Which logfile group...
LogFile = secure

# Only give lines pertaining to the sudo service...
*OnlyService = sudo
*RemoveHeaders

# number of times same command $0 run by same user for summary only to be
# generated at low detail level
$command_run_threshold = 0

########################################################
# This was written and is maintained by:
# Erik Ogan
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/syslog-ng.conf

###########################################################################
# $Id: syslog-ng.conf,v 1.4 2009/11/29 12:41:47 general stab $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Syslog-ng"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the syslog-ng service...
*OnlyService = "syslog-ng\[[0-9]*\]"
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Stefan Jakobs
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch at localside.net.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/syslogd.conf

###########################################################################
# $Id: syslogd.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Syslogd"

# Which logfile group...
LogFile = messages

# Only give lines pertaining to the syslogd service...
*OnlyService = syslogd
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/tac_acc.conf

########################################################
# $Id: tac_acc.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
########################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Tacacs accounting"

# Which logfile group...
LogFile = tac_acc

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/up2date.conf

###########################################################################
# $Id: up2date.conf,v 1.5 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "up2date"

# Which logfile group...
LogFile = up2date

########################################################
# This was written and is maintained by:
# Eric Moret
#
# Please send all comments, suggestions, bug reports,
# etc, to eric.moret@epita.fr.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/vdr.conf

###########################################################################
# $Id: vdr.conf,v 1.0 2011/10/09 17:05:20 reibuehl Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "vdr"

# Which logfile group...
LogFile = vdr

########################################################
# This was written and is maintained by:
# Reiner Buehl
#
# Please send all comments, suggestions, bug reports,
# etc, to reiner@buehl.net.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/vpopmail.conf

###########################################################################
# $Id: vpopmail.conf,v 1.6 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.
# Yes = True = On = 1
# No = False = Off = 0

Title = "vpopmail"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to the vpopmail service...
*OnlyService = vpopmail
*RemoveHeaders =

# Do you want to report successful logins?
$successful_logins = 0

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/vsftpd.conf

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = vsftpd-messages

# Which logfile group...
LogFile = vsftpd

# *OnlyService = vsftpd
*RemoveHeaders =

# Set this to 1 if you want to ignore unmatched FTP messages...
$vsftpd_ignore_unmatched = 0

# NOTE: Be sure to add these to your FTP server's vsftpd.conf file:
# (NOT this logwatch configuration file)
# xferlog_enable=YES
# xferlog_std_format=YES
# dual_log_enable=YES

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/windows.conf

##########################################################################
# $Id: windows.conf,v 1.1 2006/03/22 17:46:22 bjorn Exp $
##########################################################################

##########################################################################
# This was written and is maintained by:
# William Roumier
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
##########################################################################

# This service analyzes the syslog entries for Windows
# systems.
# It requires a utility to extract information
# from the Windows eventlog, and forward it to a UNIX syslog
# server.
##########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "windows"

# Which logfile group...
LogFile = windows

logwatch-7.4.0+svn20130529rev144/conf/services/xntpd.conf

###########################################################################
# $Id: xntpd.conf,v 1.2 2005/02/24 17:05:20 kirk Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "XNTPD"

# Which logfile group...
#LogFile = secure
LogFile = messages

# Only give lines pertaining to the ntpd service...
*MultiService = ntpd,xntpd,ntpdate
*RemoveHeaders

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/yum.conf

Title = "yum"

# Which logfile group...
LogFile = yum

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/zypp.conf

###########################################################################
# $Id$
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = zypp status changes

# Which logfile group...
LogFile = zypp

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/zz-disk_space.conf

# This just displays the file system disk usage at the end of the report...

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Disk Space"

# Which logfile group...
LogFile = NONE

# disk report options

# Uncomment this to show the home directory sizes
#$show_home_dir_sizes = 1
#$home_dir = "/home"

# Uncomment this to show the mail spool size
#$show_mail_dir_sizes = 1
#$mail_dir = "/var/spool/mail"

# Uncomment this to show the system directory sizes /opt /usr/ /var/log
#$show_disk_usage = 1

# The variables df_options and disk_cmd are used to customize the reporting
# of filesystem disk usage. For example, the following are the defaults
# for Linux OS:
# $df_options = "-h -l -x tmpfs"
# $disk_cmd = "df $df_options"

# Uncomment this to add -l to df command. Only see local disks.
#$local_disks_only = 1

# The variable diskfull_threshold, when set to a positive number, will
# print a warning if the disk utilization exceeds that number. Default
# is 90. Set to 0 if no warning desired.
#$diskfull_threshold = 0

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/zz-fortune.conf

###########################################################################
# $Id: zz-fortune.conf,v 1.8 2005/02/24 17:05:21 kirk Exp $
###########################################################################

# This just displays a fortune at the end of the report...

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Fortune"

# Which logfile group...
LogFile = NONE

########################################################
# This was written and is maintained by:
# Kirk Bauer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/zz-network.conf

###########################################################################
# $Id: zz-network.conf,v 1.2 2006/02/19 22:33:26 bjorn Exp $
###########################################################################

# This just displays a network report at the end of the report...
# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "Network Report"

# Which logfile group...
LogFile = NONE

# The following variables may be set. They are commented-out because these
# are the same defaults in the zz-network script
# $pathto_chkconfig=/sbin/chkconfig
# $pathto_vtysh=/usr/bin/vtysh
# $pathto_sysctl_conf=/etc/sysctl.conf
# $pathto_routeadm=/usr/sbin/routeadm
# $pathto_ip=/sbin/ip

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et

logwatch-7.4.0+svn20130529rev144/conf/services/zz-runtime.conf

###########################################################################
# $Id: zz-runtime.conf,v 1.2 2007/04/28 23:47:13 bjorn Exp $
###########################################################################
# $Log: zz-runtime.conf,v $
# Revision 1.2 2007/04/28 23:47:13 bjorn
# Added show_runtime variable.
#
# Revision 1.1 2007/03/17 19:28:42 bjorn
# Added zz-runtime for runtime statistics. Currently prints uptime,
# per Jason Sjobeck's proposal.
#
###########################################################################

Title = "Runtime Statistics"
LogFile = NONE

# The variable show_uptime, when set to one, will display the
# uptime at the time the script is run.
#$show_uptime = 0

# vi: shiftwidth=3 tabstop=3 et
logwatch-7.4.0+svn20130529rev144/conf/services/zz-sys.conf
###########################################################################
# $Id: zz-sys.conf,v 1.1 2006/02/19 23:12:50 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of = . Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

Title = "System Configuration"

# Which logfile group...
LogFile = NONE

# The value of 0.4 will cause this service to be displayed in front of any
# other service that has the default of 0.5
DisplayOrder = 0.4

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

# vi: shiftwidth=3 tabstop=3 et
logwatch-7.4.0+svn20130529rev144/conf/services/zz-zfs.conf
###########################################################################
# $Id$
###########################################################################

# Show status of ZFS pools

Title = "ZFS Report"
LogFile = NONE

# Where your zpool and zfs commands live
#$pathto_zpool = "/usr/sbin/zpool"
#$pathto_zfs = "/usr/sbin/zfs"

# If you want to set the detail level for zz-zfs separately from the
# rest of logwatch, you can do it here:
$zfs_detail = 0

# Set this to print only the summary (default if detail level is "Low")
#$summary_only = 1

# Set this to print only the status detail
#$detail_only = 1

########################################################
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@logwatch.org
########################################################

# vi: shiftwidth=3 tabstop=3 et
logwatch-7.4.0+svn20130529rev144/ignore.conf.5
.so man5/logwatch.conf.5
logwatch-7.4.0+svn20130529rev144/install_logwatch.sh
#!/bin/sh
#
#The MIT License
#
#Copyright (c) 2005-2006 Mike Tremaine
#
#Permission is hereby granted, free of charge, to any person obtaining
#a copy of this software and associated documentation files (the "Software"),
#to deal in the Software without restriction, including without limitation
#the rights to use, copy, modify, merge, publish, distribute, sublicense,
#and/or sell copies of the Software, and to permit persons to whom the
#Software is furnished to do so, subject to the following conditions:
#
#The above copyright notice and this permission notice shall be included
#in all copies or substantial portions of the Software.
#
#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
#EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
#IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
#DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
#OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
#THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# __________________________________________________________________
#
# File: install_logwatch.sh
# Author: Mike Tremaine [mgt /at/ stellarcore.net]
# Maintainer: Mike Tremaine [mgt /at/ stellarcore.net]
# $Id: install_logwatch.sh,v 1.20 2008/05/12 22:53:28 mike Exp $
#
# $Log: install_logwatch.sh,v $
# Revision 1.20 2008/05/12 22:53:28 mike
# removed -T flag no sure why it was there -mgt
#
# Revision 1.19 2008/05/08 23:15:55 mike
# Added install to logwatch.cron if no cron.daily dir. -mgt
#
# Revision 1.18 2008/05/08 22:47:41 mike
# Added BIGGER note for the new cron requirement -mgt
#
# Revision 1.17 2007/11/28 16:06:56 mike
# Prefix option code from Craig Ruff -mgt
#
# Revision 1.16 2007/11/28 15:50:43 mike
# Typod Craig Ruff sorry -mgt
#
# Revision 1.15 2007/11/28 15:49:47 mike
# Patch from Craig Ruff for MANDIR under Solaris -mgt
#
# Revision 1.14 2007/11/28 15:43:14 mike
# Patch from Craig Ruff for CONFIGDIR munge -mgt
#
# __________________________________________________________________
#

#Note: This script is provided for the non-RPM installs.
#It is preferred that logwatch be packaged by a distribution
#specifically for your installation. But since that is not always
#possible we have included this script.

#Add PATHS for various OS options
#Set PATH for solaris /usr/ucb/install
PATH=/usr/ucb:$PATH
#Set PATH for OpenBSD makewhatis /usr/libexec/makewhatis
PATH=$PATH:/usr/libexec
#Set PATH for IRIX makewhatis /usr/lib/makewhatis
PATH=$PATH:/usr/lib
export PATH

#Set OS and GLOBIGNORE
OS=`uname -s`
GLOBIGNORE=*CVS

#All these can be set via user input
#Defaults
BASEDIR="/usr/share/logwatch"
CONFIGDIR="/etc/logwatch"
TEMPDIR="/var/cache/logwatch"
PERLEXE="/usr/bin/perl"
MANDIR="/usr/share/man"

#Command line options section
#Currently only prefix is supported but now that the door is open other options should follow. -mgt
ac_prev=
for ac_option
do
   # If the previous option needs an argument, assign it.
   if test -n "$ac_prev"; then
      eval "$ac_prev=\$ac_option"
      ac_prev=
      continue
   fi

   ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`

   case $ac_option in
   -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
      ac_prev=prefix ;;
   -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
      prefix=$ac_optarg ;;
   *)
      echo "Unknown option '$ac_option'" ;;
   esac
done

if [ "x$prefix" != "x" ]; then
   BASEDIR=$prefix
   munge_base=1
   CONFIGDIR=$BASEDIR/etc
   munge_conf=1
   TEMPDIR=$BASEDIR/tmp
   munge_temp=1
   MANDIR=$BASEDIR/man
fi

#Talk to user
printf "#################################\n"
printf "Preparing to install Logwatch\n"

printf "Enter the path to the Logwatch BaseDir [$BASEDIR] : "
read base
if [ "$base" = "" ]; then
   printf "### Using $BASEDIR\n"
else
   BASEDIR="$base"
   #Set munge flag
   munge_base=1
   printf "### Using $BASEDIR [will modify logwatch.pl]\n"
fi

printf "Enter the path for the Logwatch ConfigDir [$CONFIGDIR] : "
read config
if [ "$config" = "" ]; then
   printf "### Using $CONFIGDIR\n"
else
   CONFIGDIR="$config"
   munge_conf=1
   printf "### Using $CONFIGDIR [will modify logwatch.pl]\n"
fi

printf "Enter the dir name to be used for temp files [$TEMPDIR] : "
read temp
if [ "$temp" = "" ]; then
   printf "### Using $TEMPDIR\n"
else
   TEMPDIR="$temp"
   munge_temp=1
   printf "### Using $TEMPDIR [will write to $CONFIGDIR/conf/logwatch.conf]\n"
fi

printf "Enter the location of perl [$PERLEXE] : "
read perlexe
if [ "$perlexe" = "" ]; then
   printf "### Using $PERLEXE\n"
else
   PERLEXE="$perlexe"
   munge_perl=1
   printf "### Using $PERLEXE [will modify logwatch.pl]\n"
fi

printf "Enter the dir name to used for the manpage [$MANDIR] : "
read mandir
if [ "$mandir" = "" ]; then
   printf "### Using $MANDIR\n"
else
   MANDIR="$mandir"
   printf "### Using $MANDIR [Will try to run makewhatis]\n"
fi

echo "### Installing"

#OS Tests for known issues
if [ $OS = "Darwin" ]; then
   munge_gzcat=1
fi

#Install is borked under IRIX

#BASE
install -m 0755 -d $BASEDIR
install -m 0755 -d $BASEDIR/dist.conf
install -m 0755 -d $BASEDIR/dist.conf/logfiles
install -m 0755 -d $BASEDIR/dist.conf/services
install -m 0755 -d $BASEDIR/default.conf
install -m 0755 -d $BASEDIR/default.conf/logfiles
install -m 0755 -d $BASEDIR/default.conf/services
install -m 0755 -d $BASEDIR/default.conf/html
install -m 0755 -d $BASEDIR/scripts
install -m 0755 -d $BASEDIR/scripts/logfiles
install -m 0755 -d $BASEDIR/scripts/services
install -m 0755 -d $BASEDIR/scripts/shared
install -m 0755 -d $BASEDIR/lib

install -m 0644 README $BASEDIR/README
install -m 0644 HOWTO-Customize-LogWatch $BASEDIR/HOWTO-Customize-LogWatch
install -m 0644 conf/*.conf $BASEDIR/default.conf
install -m 0644 conf/logfiles/* $BASEDIR/default.conf/logfiles
install -m 0644 conf/services/* $BASEDIR/default.conf/services
install -m 0644 conf/html/* $BASEDIR/default.conf/html

install -m 0755 scripts/logwatch.pl $BASEDIR/scripts/logwatch.pl
for i in scripts/logfiles/* ; do
   if [ `ls $i | grep -v CVS | wc -l` -ne 0 ] ; then
      install -m 0755 -d $BASEDIR/$i
      install -m 0644 $i/* $BASEDIR/$i
   fi
done

install -m 0644 scripts/shared/* $BASEDIR/scripts/shared
install -m 0644 scripts/services/* $BASEDIR/scripts/services

install -m 0644 lib/* $BASEDIR/lib

if [ $munge_base ]; then
   perl -pi -e "s%/usr/share/logwatch%$BASEDIR%" $BASEDIR/scripts/logwatch.pl
fi

#CONFIG
install -m 0755 -d $CONFIGDIR
install -m 0755 -d $CONFIGDIR/scripts
install -m 0755 -d $CONFIGDIR/scripts/services
install -m 0755 -d $CONFIGDIR/conf
install -m 0755 -d $CONFIGDIR/conf/logfiles
install -m 0755 -d $CONFIGDIR/conf/services
install -m 0755 -d $CONFIGDIR/conf/html

if [ $munge_conf ]; then
   perl -pi -e "s%/etc/logwatch%$CONFIGDIR%" $BASEDIR/scripts/logwatch.pl
fi

touch $CONFIGDIR/conf/logwatch.conf
touch $CONFIGDIR/conf/ignore.conf
touch $CONFIGDIR/conf/override.conf

#TEMP
#Using sanity check in case someone uses /tmp.
#The install would destroy the perms on /tmp
if [ ! -d $TEMPDIR ]; then
   #Should this be 0700 -d $TEMPDIR ??
   install -m 0755 -d $TEMPDIR
fi

#This can create duplicates need to grep first -mgt
if [ $munge_temp ]; then
   echo "TmpDir = $TEMPDIR" >> $CONFIGDIR/conf/logwatch.conf
fi

#PERL
if [ $munge_perl ]; then
   perl -pi -e "s%/usr/bin/perl%$PERLEXE%" $BASEDIR/scripts/logwatch.pl
fi

#Gzcat
if [ $munge_gzcat ]; then
   echo "Pathtozcat = gzcat" >> $CONFIGDIR/conf/logwatch.conf
fi

#Search for makewhatis
for f in `echo $PATH | tr : ' '`; do
   if [ -x "$f/makewhatis" ]; then
      HAVE_MAKEWHATIS=1;
   fi;
done

#Man page
if [ -d $MANDIR/man5 ] && [ -d $MANDIR/man8 ] && [ -d $MANDIR/man1 ] && [ $HAVE_MAKEWHATIS ]; then
   install -m 0644 logwatch.8 $MANDIR/man8
   install -m 0644 logwatch.conf.5 $MANDIR/man5
   install -m 0644 override.conf.5 $MANDIR/man5
   install -m 0644 ignore.conf.5 $MANDIR/man5
   install -m 0644 postfix-logwatch.1 $MANDIR/man1
   install -m 0644 amavis-logwatch.1 $MANDIR/man1
   #OpenBSD no -s
   if [ $OS = "OpenBSD" ]; then
      makewhatis -u $MANDIR/man5 $MANDIR/man8 $MANDIR/man1
   else
      #FreeBSD and NetBSD no -s no -u
      if [ $OS = "FreeBSD" ] || [ $OS = "NetBSD" ]; then
         makewhatis $MANDIR/man5 $MANDIR/man8 $MANDIR/man1
      else
         #MacOS X aka Darwin no -u [even though the manpage says]
         if [ $OS = "Darwin" ]; then
            makewhatis -s "1 5 8" $MANDIR
         else
            #Linux
            makewhatis -u -s "1 5 8" $MANDIR
         fi
      fi
   fi
else
   if [ $OS = "SunOS" ]; then
      #Go for the safe install rather than editing man.cf
      mkdir -p $MANDIR/man1m > /dev/null 2>&1
      install -m 0644 logwatch.8 $MANDIR/man1m
      install -m 0644 logwatch.conf.5 $MANDIR/man1m
      install -m 0644 override.conf.5 $MANDIR/man1m
      install -m 0644 ignore.conf.5 $MANDIR/man1m
      install -m 0644 postfix-logwatch.1 $MANDIR/man1
      install -m 0644 amavis-logwatch.1 $MANDIR/man1
      catman -w -M $MANDIR/man1m
   else
      install -m 0755 -d $MANDIR/man1
      install -m 0644 postfix-logwatch.1 $MANDIR/man1
      install -m 0644 amavis-logwatch.1 $MANDIR/man1
      install -m 0755 -d $MANDIR/man5
      install -m 0644 logwatch.conf.5 $MANDIR/man5
      install -m 0644 override.conf.5 $MANDIR/man5
      install -m 0644 ignore.conf.5 $MANDIR/man5
      install -m 0755 -d $MANDIR/man8
      install -m 0644 logwatch.8 $MANDIR/man8
      printf "Installed manpages in $MANDIR/man1, $MANDIR/man5 and $MANDIR/man8.\n"
      printf "Check your man.cf or man.conf to enable MANSECTS 1, 5 and 8\n"
   fi
fi

#Symlink
ln -f -s $BASEDIR/scripts/logwatch.pl /usr/sbin/logwatch
printf "Created symlink for /usr/sbin/logwatch \n"

#Cron
if [ -d /etc/cron.daily ]; then
   rm -f /etc/cron.daily/0logwatch
   install -m 0755 logwatch.cron /etc/cron.daily/0logwatch
   printf "Created /etc/cron.daily/0logwatch \n"
else
   install -m 0744 logwatch.cron $CONFIGDIR/logwatch.cron
   printf "################ README ####################.\n"
   printf "You need to setup your cron job for logwatch.\n"
   printf "A sample script is included see $CONFIGDIR/logwatch.cron. \n"
   printf "2 0 * * * $CONFIGDIR/logwatch.cron >/dev/null 2>&1 \n"
fi

exit

# vi: shiftwidth=3 tabstop=3 et
logwatch-7.4.0+svn20130529rev144/lib/
logwatch-7.4.0+svn20130529rev144/lib/Logwatch.pm
#!/usr/bin/perl
#
# $Id: Logwatch.pm,v 1.18 2007/02/05 02:31:56 bjorn Exp $

package Logwatch;

use strict;
use Exporter;
use POSIX qw(strftime);

=pod

=head1 NAME

Logwatch -- Utility functions for Logwatch Perl modules.

=head1 SYNOPSIS

 use Logwatch ':sort';

 ##
 ## Show CountOrder()
 ##

 # Sample Data
 my %UnknownUsers = (jb1o => 4, eo00 => 1, ma3d => 4, dr4b => 1);
 my $sortClosure = CountOrder(%UnknownUsers);
 foreach my $user (sort $sortClosure keys %UnknownUsers) {
    my $plural = ($UnknownUsers{$user} > 1) ? "s" : "";
    printf " %-8s : %2d time%s\n", $user, $UnknownUsers{$user}, $plural;
 }

 ##
 ## Show TotalCountOrder()
 ##

 # Sample Data
 my %RelayDenied = (
    'some.server'  => {'you@some.where' => 2, 'foo@bar.com' => 4},
    'other.server' => { 'foo@bar.com' => 14 }
 );

 my $sub = TotalCountOrder(%RelayDenied);
 foreach my $relay (sort $sub keys %RelayDenied) {
    print " $relay:\n";
    my $countOrder = CountOrder(%{$RelayDenied{$relay}});
    foreach my $dest (sort $countOrder keys %{$RelayDenied{$relay}}) {
       my $plural = ($RelayDenied{$relay}{$dest} > 1) ? "s" : "";
       printf " %-36s: %3d Time%s\n", $dest, $RelayDenied{$relay}{$dest}, $plural;
    }
 }

 use Logwatch ':ip';

 ##
 ## Show SortIP()
 ##

 # Sample Data
 my @ReverseFailures = qw{10.1.1.1 172.16.1.1 10.2.2.2 192.168.1.1 };
 @ReverseFailures = sort SortIP @ReverseFailures;
 { local $" = "\n "; print "Reverse DNS Failures:\n @ReverseFailures\n" }

 -or-

 ##
 ## Show LookupIP()
 ##
 foreach my $ip (sort SortIP @ReverseFailures) {
    printf "%15s : %s\n", $ip, LookupIP($ip);
 }

=head1 DESCRIPTION

This module provides utility functions intended for authors of Logwatch
scripts. The purpose is to abstract commonly performed actions into a
set of generally available subroutines. The subroutines can optionally
be imported into the local namespace.

=over 4

=cut

our @ISA = qw{Exporter};
our @EXPORT;
our @EXPORT_OK;
our %EXPORT_TAGS = (sort => [qw(CountOrder TotalCountOrder SortIP)],
                    ip => [qw(LookupIP SortIP)],
                    dates => [qw(RangeHelpDM GetPeriod TimeBuild TimeFilter)],
                   );

Exporter::export_ok_tags(qw{sort ip dates});

$EXPORT_TAGS{all} = [@EXPORT, @EXPORT_OK];

=pod

=item I

This function returns a closure suitable to be passed to Perl's C
builtin. When two values are passed to the closure, it compares the
numeric values of those keys in C<%hash>, and if they're equal, the
lexical order of the keys. Thus:

 my $sortClosure = CountOrder(%UnknownUsers);
 foreach my $user (sort $sortClosure keys %UnknownUsers) {
    my $plural = ($UnknownUsers{$user} > 1) ? "s" : "";
    printf " %-8s : %2d time%s\n", $user, $UnknownUsers{$user}, $plural;
 }

Will print the keys and values of C<%UnknownUsers> in frequency order,
with keys of equal values sorted lexically.

The optional second argument is a coderef to be used to sort the keys
in an order other than lexically. (a reference to C, for example.)

=cut

# Use a closure to abstract the sort algorithm
sub CountOrder(\%;&) {
   my $href = shift;
   my $coderef = shift;
   return sub {
      # $a & $b are in the caller's namespace, moving this inside
      # guarantees that the namespace of the sort is used, in case
      # it's different (admittedly, that's highly unlikely), at a
      # minuscule performance cost.
      my $package = (caller)[0];
      no strict 'refs'; # Back off, man. I'm a scientist.
      my $A = $ {"${package}::a"};
      my $B = $ {"${package}::b"};
      use strict 'refs'; # We are a hedge. Please move along.
      # Reverse the count, but not the compare
      my $count = $href->{$B} <=> $href->{$A};
      return $count if $count;
      if (ref $coderef) {
         $a = $A;
         $b = $B;
         &$coderef();
      } else {
         ($A cmp $B);
      }
   }
}

=pod

=item I

This function returns a closure similar to that returned by C, except
that it assumes a hash of hashes, and totals the keys of each sub hash.
Thus:

 my $sub = TotalCountOrder(%RelayDenied);
 foreach my $relay (sort $sub keys %RelayDenied) {
    print " $relay:\n";
    my $countOrder = CountOrder(%{$RelayDenied{$relay}});
    foreach my $dest (sort $countOrder keys %{$RelayDenied{$relay}}) {
       my $plural = ($RelayDenied{$relay}{$dest} > 1) ? "s" : "";
       printf " %-36s: %3d Time%s\n", $dest, $RelayDenied{$relay}{$dest}, $plural;
    }
 }

Will print the relays in the order of their total denied destinations
(equal keys sort lexically), with each sub hash printed in frequency
order (equal keys sorted lexically)

The optional second argument is a coderef to be used to sort the keys
in an order other than lexically. (a reference to C, for example.)
=cut

sub TotalCountOrder(\%;&) {
   my $href = shift;
   my $coderef = shift;
   my $cache = {};
   return sub {
      # $a & $b are in the caller's namespace, moving this inside
      # guarantees that the namespace of the sort is used, in case
      # it's different (admittedly, that's highly unlikely), at a
      # minuscule performance cost.
      my $package = (caller)[0];
      no strict 'refs'; # Back off, man. I'm a scientist.
      my $A = $ {"${package}::a"};
      my $B = $ {"${package}::b"};
      use strict 'refs'; # We are a hedge. Please move along.
      my ($AA, $BB);

      foreach my $tuple ( [\$A, \$AA], [\$B, \$BB] ) {
         my $keyRef = $tuple->[0];
         my $totalRef = $tuple->[1];

         if (exists($cache->{$$keyRef})) {
            $$totalRef = $cache->{$$keyRef};
         } else {
            grep {$$totalRef += $href->{$$keyRef}->{$_}} keys %{$href->{$$keyRef}};
            $cache->{$$keyRef} = $$totalRef;
         }
      }

      my $count = $BB <=> $AA;

      return $count if $count;

      if (ref $coderef) {
         $a = $A;
         $b = $B;
         &$coderef();
      } else {
         ($A cmp $B);
      }
   }
}

=pod

=item I

This function is meant to be passed to the perl C builtin. It sorts a
list of "dotted quad" IP addresses by the values of the individual
octets.

=cut

sub canonical_ipv6_address {
   my @a = split /:/, shift;
   my @b = qw(0 0 0 0 0 0 0 0);
   my $i = 0;
   # comparison is numeric, so we use hex function
   while (defined $a[0] and $a[0] ne '') {$b[$i++] = hex(shift @a);}
   @a = reverse @a;
   $i = 7;
   while (defined $a[0] and $a[0] ne '') {$b[$i--] = hex(shift @a);}
   @b;
}

sub SortIP {
   # $a & $b are in the caller's namespace.
   my $package = (caller)[0];
   no strict 'refs'; # Back off, man. I'm a scientist.
   my $A = $ {"${package}::a"};
   my $B = $ {"${package}::b"};
   $A =~ s/^::(ffff:)?(\d+\.\d+\.\d+\.\d+)$/$2/;
   $B =~ s/^::(ffff:)?(\d+\.\d+\.\d+\.\d+)$/$2/;
   use strict 'refs'; # We are a hedge. Please move along.
   if ($A =~ /:/ and $B =~ /:/) {
      my @a = canonical_ipv6_address($A);
      my @b = canonical_ipv6_address($B);
      while ($a[1] and $a[0] == $b[0]) {shift @a; shift @b;}
      $a[0] <=> $b[0];
   } elsif ($A =~ /:/) {
      -1;
   } elsif ($B =~ /:/) {
      1;
   } else {
      my ($a1, $a2, $a3, $a4) = split /\./, $A;
      my ($b1, $b2, $b3, $b4) = split /\./, $B;
      $a1 <=> $b1 || $a2 <=> $b2 || $a3 <=> $b3 || $a4 <=> $b4;
   }
}

=pod

=item I

This function performs a hostname lookup on a passed in IP address. It
returns the hostname (with the IP in parentheses) on success and the IP
address on failure. Results are cached, so that many calls with the same
argument don't tax the resolver resources.

For (new) backward compatibility, this function now uses the $DoLookup
variable in the caller's namespace to determine if lookups will be made.

=cut

# Might as well cache it for the duration of the run
my %LookupCache = ();

sub LookupIP {
   my $Addr = $_[0];

   # OOPS! The 4.3.2 scripts have a $DoLookup variable. Time for some
   # backwards compatible hand-waving.

   # for 99% of the uses of this function, assuming package 'main' would
   # be sufficient, but a good perl hacker designs so that the other 1%
   # isn't in for a nasty surprise.
   my $pkg = (caller)[0];

   if ($ENV{'LOGWATCH_NUMERIC'} == 1 ) {
      return $Addr;
   }

   # Default to true
   my $DoLookup = 1;
   {
      # An eval() here would be shorter (and probably clearer to more
      # people), but QUITE a bit slower. This function should be
      # designed to be called a lot, so efficiency is important.
      local *symTable = $main::{"$pkg\::"};

      # here comes the "black magic," (this "no" is bound to the
      # enclosing block)
      no strict 'vars';
      if (exists $symTable{'DoLookup'} && defined $symTable{'DoLookup'}) {
         *symTable = $symTable{'DoLookup'};
         $DoLookup = $symTable;
      }
   }

   # "Socket" is used solely to get the AF_INET() and AF_INET6()
   # constants, usually 2 and 10, respectively. Using Socket is
   # preferred because of portability, and should be in the standard
   # Perl distribution.
   eval "use Socket";
   my $hasSocket = $@ ? 0 : 1;

   return $Addr unless($DoLookup && $hasSocket);

   return $LookupCache{$Addr} if exists ($LookupCache{$Addr});

   $Addr =~ s/^::ffff://;

   my $PackedAddr;
   my $name = "";

   # there are other module functions that do this more gracefully
   # (such as inet_pton), but we can't guarantee that they are available
   # in every system, so we use the built-in gethostbyaddr.
   if ($Addr =~ /^[\d\.]*$/) {
      $PackedAddr = pack('C4', split /\./,$Addr);
      $name = gethostbyaddr($PackedAddr,AF_INET());
   } elsif ($Addr =~ /^[0-9a-zA-Z:]*/) {
      $PackedAddr = pack('n8', canonical_ipv6_address($Addr));
      $name = gethostbyaddr($PackedAddr, AF_INET6());
   }
   if ($name) {
      my $val = "$Addr ($name)";
      $LookupCache{$Addr} = $val;
      return $val;
   } else {
      $LookupCache{$Addr} = $Addr;
      return ($Addr);
   }
}

=pod

=item I

This function merely prints out some information about --range to STDERR.

=cut

sub RangeHelpDM {
   eval "use Date::Manip";
   my $hasDM = $@ ? 0 : 1;
   if ($hasDM) {
      print STDERR "\nThis system has the Date::Manip module loaded, and therefore you may use all\n";
      print STDERR "of the valid --range parameters.\n";
   } else {
      print STDERR "\nThis system does not have Date::Manip module loaded, and therefore\n";
      print STDERR "the only valid --range parameters are 'yesterday', 'today', or 'all'.\n";
      print STDERR "The Date::Manip module can be installed by using either of:\n";
      print STDERR " apt-get install libdate-manip-perl (recommended on Debian)'\n";
      print STDERR " cpan -i 'Date::Manip'\n";
      print STDERR " perl -MCPAN -e 'install Date::Manip'\n";
      print STDERR "\nFollowing is a description of the full capabilities available if\n";
      print STDERR "Date::Manip is available.\n";
   }

   print STDERR <<"EOT";

The format of the range option is:
     --range \"date_range [period]\"

Parameter date_range (and optional period) must be enclosed in quotes
if it is more than one word. The default for date_range is \"yesterday\".
Valid instances of date_range have one of the following formats:
     yesterday
     today
     all
     date1
     between date1 and date2
     since date1
For the above, date1 and date2 have values that can be parsed with the
Date::Manip perl module.

Valid instances of the optional parameter period have one of the
following formats:
     for (that|this) (year|month|day|hour|minute|second)
     for those (years|months|days|hours|minutes|seconds)
The period defines the resolution of the date match. The default is
\"for that day\".

Examples:
     --range today
     --range yesterday
     --range '4 hours ago for that hour'
     --range '-3 days'
     --range 'since 2 hours ago for those hours'
     --range 'between -10 days and -2 days'
     --range 'Apr 15, 2005'
     --range 'first Monday in May'
     --range 'between 4/23/2005 and 4/30/2005'
     --range '2005/05/03 10:24:17 for that second'
(The last entry might be used by someone debugging a log or filter.)

A caution about efficiency: a range of \"yesterday for those hours\"
will search for log entries for the last 24 hours, and is inefficient
because it searches for individual matches for each hour. A range of
\"yesterday\" will search for log entries for the previous day, and
it searches for a single date match.

EOT
;
}

=pod

=item I

This function returns the period, which is the part after the
"for (those|that|this) " in a range

=cut

sub GetPeriod {
   my $range = lc $ENV{"LOGWATCH_DATE_RANGE"} || "yesterday";

   my ($period) = ($range =~ /for\s+(?:those|that|this)\s+(year|month|day|hour|minute|second)s?\s*$/);

   if ($range eq 'all') {
      $period = 'all';
   }
   unless ($period) {
      $period = "day";
   }
   return($period);
}

=pod

=item I

This function returns an array of integers denoting time since the epoch
(Jan. 1, 1970). Each entry represents a timestamp for the period that
will need to be looked up to create the filter.

=cut

sub TimeBuild {
   my @time_t;
   my $time = time;

   eval "use Date::Manip";
   my $hasDM = $@ ? 0 : 1;

   if ($hasDM) {
      eval 'Date_TimeZone();';
      if ($@) {
         die "ERROR: Date::Manip unable to determine TimeZone.\n\nExecute the following command in a shell prompt:\n\tperldoc Date::Manip\nThe section titled TIMEZONES describes valid TimeZones\nand where they can be defined.\n";
      }
   }

   my $range = lc $ENV{"LOGWATCH_DATE_RANGE"} || "yesterday";
   my $period = GetPeriod;

   $range =~ s/for\s+(?:those|that|this)\s+((year|month|day|hour|minute|second)s?)\s*$//;

   my ($range1, $range2) = ($range =~ /^between\s+(.*)\s+and\s+(.*)\s*$/);

   if ($range =~ /^\s*since\s+/) {
      ($range1) = ($range =~ /\s*since\s+(.*)/);
      $range2 = "now";
   }

   if ($range1 && $range2 && $hasDM) {
      # range between two dates specified
      my $date1 = ParseDate($range1);
      my $date2 = ParseDate($range2);
      if ($date1 && $date2) {
         if (Date_Cmp($date1, $date2) > 0) {
            # make sure date1 is earlier
            my $switch_date = $date1;
            $date1 = $date2;
            $date2 = $switch_date;
         }
         while (Date_Cmp($date1, $date2) < 0) {
            $time_t[++$#time_t] = UnixDate($date1, "%s");
            $date1 = DateCalc($date1, "+1 $period");
         }
         $time_t[++$#time_t] = UnixDate($date2, "%s");
      } else {
         # $date1 or $date2 not valid
         # set to zero, which indicates it is not parsed
         $time_t[0] = 0;
      }
   } else {
      # either a single date or we don't have Date::Manip
      if ($range eq 'yesterday') {
         $time_t[0] = $time-86400;
      } elsif ($range eq 'today') {
         $time_t[0] = $time;
      } elsif ($range eq 'all') {
         # set arbitrarily to 1
         $time_t[0] = 1;
      } elsif ($hasDM) {
         $time_t[0] = UnixDate($range, "%s") || 0;
      } else {
         $time_t[0] = 0;
      }
   }

   # this is an optimization when we use Date::Manip, and
   # the period is either 'month' or 'year'. It is intended
   # to reduce the number of archived logs searched.
   # We use the second day of month or year to account for
   # different timezones.
   if ($time_t[0] && $hasDM) {
      my $mod_date = ParseDateString("epoch $time_t[0]");
      if ($period =~ /^month|year$/) {
         # set to beginning of month
         $mod_date =~ s/\d\d\d\d:\d\d:\d\d$/0200:00:00/;
         if ($period =~ /^year$/) {
            # set to beginning of year
            $mod_date =~ s/\d\d0100:00:00/010200:00:00/;
         }
      }
      $time_t[0] = UnixDate($mod_date, "%s");
   }

   return(@time_t);
}

=pod

=item I

This function returns a regexp to filter by date/time

=cut

sub TimeFilter {
   my ($format) = $_[0];

   my $SearchDate;

   my $range = lc $ENV{"LOGWATCH_DATE_RANGE"} || "yesterday";
   my $debug = $ENV{"LOGWATCH_DEBUG"} || 0;

   my @time_t = TimeBuild();

   # get period
   my $period = GetPeriod;

   if ($debug > 5) {
      print STDERR "\nTimeFilter: Period is $period\n";
   }

   # we need the following bracketed section because of 'last'
   {
      if ($period eq 'second') {last;}
      $format =~ s/%S/../;
      if ($period eq 'minute') {last;}
      $format =~ s/%M/../;
      if ($period eq 'hour') {last;}
      $format =~ s/%H/../;
      if ($period eq 'day') {last;}
      $format =~ s/%a/.../;
      $format =~ s/%d/../;
      $format =~ s/%e/../;
      if ($period eq 'month') {last;}
      $format =~ s/%b/.../;
      $format =~ s/%m/../;
      if ($period eq 'year') {last;}
      $format =~ s/%y/../;
      $format =~ s/%Y/..../;
   }

   $SearchDate .= "(";
   for my $time (@time_t) {
      if ($time) {
         $SearchDate .= strftime($format, localtime($time)) . "|";
      } else {
         # the following is a string guaranteed to not match
         $SearchDate .= "Range \"$range\" not understood. ";
         print STDERR "ERROR: Range \"$range\" not understood\n";
         RangeHelpDM;
      }
   }

   # get rid of last character (usually the extra "|")
   if (length($SearchDate) > 1) {
      chop($SearchDate);
   }
   $SearchDate .= ")";

   if ($debug > 5) {
      # DebugSearchDate sometimes makes it more readable - not used
      # functionally
      my $DebugSearchDate = $SearchDate;
      $DebugSearchDate =~ tr/:/ /;
      $DebugSearchDate =~ tr/\./ /;
      $DebugSearchDate =~ tr/ //s;
      print STDERR "\nTimeFilter: SearchDate is $SearchDate\n";
      print STDERR "\nTimeFilter: Debug SearchDate is $DebugSearchDate\n";
   }

   return ($SearchDate);
}

=back

=head1 TAGS

In addition to importing each function name explicitly, the following
tags can be used.

=over 4

=item I<:sort>

Imports C, C

=item I<:ip>

Imports C and C

=item I<:dates>

Imports C

=item I<:all>

Imports all importable symbols.

=cut

1;

# vi: shiftwidth=3 tabstop=3 et
logwatch-7.4.0+svn20130529rev144/logwatch.8
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH LOGWATCH 8 "May 2012" Linux "User Manuals"
.SH NAME
logwatch \- system log analyzer and reporter
.SH SYNOPSIS
.B logwatch
[--detail
.I level
.B ] [--logfile
.I log-file-group
.B ] [--service
.I service-name
.B ] [--mailto
.I address
.B ] [--archives] [--range
.I range
.B ] [--debug
.I level
.B ] [--filename
.I file-name
.B ] [--logdir
.I directory
.B ] [--hostlimit
.I hosts
.B ] [--hostname
.I hostname
.B ] [--html_wrap
.I number of characters
.B ] [--hostformat
.I host based options
.B ] [--output
.I output-type
.B ] [--format
.I report format
.B ] [--encode
.I encoding to use
.B ] [--numeric] [--version] [--help|--usage]
.SH DESCRIPTION
.B Logwatch
is a customizable, pluggable log-monitoring system. It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish. Logwatch is being used for
Linux and many types of UNIX.
.SH OPTIONS
.IP "\fB--detail\fR level"
This is the detail level of the report.
.I level
can be a positive integer, or high, med, low, which correspond to the
integers 10, 5, and 0, respectively.
.IP "\fB--logfile\fR log-file-group"
This will force Logwatch to process only the set of logfiles
defined by
.I log-file-group
(i.e. messages, xferlog, ...). Logwatch will therefore process
all services that use those logfiles. This option can be specified
more than once to specify multiple logfile-groups.
.IP "\fB--service\fR service-name"
This will force Logwatch to process only the service specified in
.I service-name
(i.e. login, pam, identd, ...). Logwatch will therefore also process
any log-file-groups necessary to process these services. This option
can be specified more than once to specify multiple services to process.
A useful
.I service-name
is
.I All
which will process all services (and logfile-groups) for which you have
filters installed.
.IP "\fB--mailto\fR address"
Mail the results to the email address or user specified in
.I address.
.IP "\fB--range\fR range"
You can specify a date-range to process. Common ranges are
.I Yesterday, Today, All,
and
.I Help.
Additional options are listed when invoked with the
.I Help
parameter.
.IP "\fB--archives\fR"
Each log-file-group has basic logfiles (i.e. /var/log/messages) as
well as archives (i.e. /var/log/messages.? or /var/log/messages.?.gz).
When used with "\-\-range all", this option will make Logwatch search
through the archives in addition to the regular logfiles. For other
values of \-\-range, Logwatch will search the appropriate archived logs.
.IP "\fB--debug\fR level"
For debugging purposes.
.I level
can range from 0 to 100. This will
.I really
clutter up your output. You probably don't want to use this.
.IP "\fB--filename\fR file-name"
Save the output to
.I file-name
instead of displaying or mailing it.
.IP "\fB--logdir\fR directory"
Look in
.I directory
for log subdirectories or log files instead of the default directory.
.IP "\fB--hostlimit\fR host1,host2"
Limit report to hostname - host1, host2.
.IP "\fB--hostname\fR hostname"
Use
.I hostname
for the reports instead of this system's hostname. In addition,
if HostLimit is set in the logwatch.conf configuration file (see
\fBMORE INFORMATION\fR, below), then only logs from this hostname
will be processed (where appropriate).
.IP "\fB--html_wrap\fR num-characters"
Number of characters that html output should be wrapped to. Default is 80.
.IP "\fB--numeric\fR"
Inhibits additional name lookups, displaying IP addresses numerically.
.IP "\fB--usage\fR"
Displays usage information
.IP "\fB--help\fR"
same as \-\-usage.
.SH FILES
.IP /usr/share/logwatch/
.RS
This directory contains all the perl executables and configuration
files shipped with the logwatch distribution.
.RE
.IP /etc/logwatch
.RS
This directory contains local configuration files that override
the default configuration. See \fBMORE INFORMATION\fR below for more
information.
.RE
.SH EXAMPLES
.B logwatch --service ftpd-xferlog --range all --detail high --archives
.RS
This will print out all FTP transfers that are stored in all current
and archived xferlogs.
.RE
.B logwatch --service pam_pwdb --range yesterday --detail high
.RS
This will print out login information for the previous day...
.RE
.SH MORE INFORMATION
The directory /usr/share/doc/logwatch-* contains several files with
additional documentation:
.RE
.I HOWTO-Customize-LogWatch
.RS
Documents the directory structure of Logwatch configuration and
executable files, and describes how to customize Logwatch by overriding
these default files.
.RE
.I LICENSE
.RS
Describes the License under which Logwatch is distributed. Additional
clauses may be specified in individual files.
.RE
.I README
.RS
Describes how to install, where to find it, mailing lists, and other
useful information.
.SH AUTHOR .RE Kirk Bauer .RE http://www.kaybee.org/~kirk .RE http://logwatch.sourceforge.net
logwatch-7.4.0+svn20130529rev144/logwatch.conf.5
.\" Written by Ivana Varekova . .TH LOGWATCH.CONF 5 2010-02-10 "GNU" "Linux Programmer's Manual" .SH NAME logwatch.conf, ignore.conf, override.conf - logwatch configuration files .SH DESCRIPTION .BR logwatch.conf - ( .BR /etc/logwatch/conf/logwatch.conf ) - can contain the local configuration options. The list of valid settings and their default values are in .BR /usr/share/logwatch/default.conf/logwatch.conf. .BR ignore.conf - ( .BR /etc/logwatch/conf/ignore.conf ) is the list of regular expressions. The set of logs described by this set is ignored by logwatch. .BR override.conf - ( .BR /etc/logwatch/conf/override.conf ) contains the settings which override the standard configuration of specific log files or services. The syntax is the same as in log/service files. .SH FILES .I /etc/logwatch/conf/logwatch.conf .I /etc/logwatch/conf/logwatch.conf .I /etc/logwatch/conf/logwatch.conf .I /usr/share/logwatch/default.conf/logwatch.conf .SH "SEE ALSO" .BR logwatch (8)
logwatch-7.4.0+svn20130529rev144/logwatch.cron
#!/bin/sh

#Set logwatch location
LOGWATCH_SCRIPT="/usr/sbin/logwatch"
#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,
#but some are only for the nightly cronrun such as --output mail and should be set here.
#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.
OPTIONS="--output mail"

#Call logwatch
$LOGWATCH_SCRIPT $OPTIONS

exit 0
logwatch-7.4.0+svn20130529rev144/override.conf.5
.so man5/logwatch.conf.5
logwatch-7.4.0+svn20130529rev144/postfix-logwatch.1
.TH POSTFIX-LOGWATCH 1 .ad .fi .SH NAME postfix-logwatch \- A Postfix log parser and analysis utility .SH "SYNOPSIS" .na .nf .fi \fBpostfix-logwatch\fR [\fIoptions\fR] [\fIlogfile ...\fR] .SH DESCRIPTION .ad .fi The \fBpostfix-logwatch\fR(1) utility is a Postfix MTA log parser that produces summaries, details, and statistics regarding the operation of Postfix. .PP This utility can be used as a standalone program, or as a Logwatch filter module to produce Postfix summary and detailed reports from within Logwatch. .PP \fBPostfix-logwatch\fR is able to produce a wide range of reports with data grouped and sorted as much as possible to reduce noise and highlight patterns. Brief summary reports provide a quick overview of general Postfix operations and message delivery, calling out warnings that may require attention. Detailed reports provide easy to scan, hierarchically-arranged and organized information, with as much or little detail as desired. .PP \fBPostfix-logwatch\fR outputs two principal sections: a \fBSummary\fR section and a \fBDetailed\fR section. For readability and quick scanning, all event or hit counts appear in the left column, followed by brief description of the event type, and finally additional statistics or count representations may appear in the rightmost column.
The following segment from a sample Summary report illustrates: .RS 4 .nf ****** Summary ******************************************** 81 *Warning: Connection rate limit reached (anvil) 146 Warned 68.310M Bytes accepted 71,628,177 97.645M Bytes delivered 102,388,245 ======== ================================================ 3464 Accepted 41.44% 4895 Rejected 58.56% -------- ------------------------------------------------ 8359 Total 100.00% ======== ================================================ .fi .RE 0 The report warns that anvil's connection rate was hit 81 times, a Postfix access check WARN action was logged 146 times, and a total of 68.310 megabytes (71,628,177 bytes) were accepted into the Postfix system, delivering 97.645 megabytes of data (due to multiple recipients). The Accepted and Rejected lines show that Postfix accepted 3464 (41.44% of the total messages) and rejected 4895 (the remaining 58.56%) of the 8359 total messages (temporary rejects show up elsewhere). .PP There are dozens of sub-sections available in the \fBDetailed\fR report, each of whose output can be controlled in various ways. Each sub-section attempts to group and present the most meaningful data at superior levels, while pushing less useful or \fInoisy\fR data towards inferior levels. The goal is to provide as much benefit as possible from smart grouping of data, to allow faster report scanning, pattern identification, and problem solving. Data is always sorted in descending order by count, and then numerically by IP address or alphabetically as appropriate. 
.PP The following MX errors segment from a sample \fBDetailed\fR report illustrates the basic hierarchical level structure of \fBpostfix-logwatch\fR: .RS 4 .nf ****** Detailed ******************************************* 261 MX errors -------------------------------------- 261 Unable to look up MX host 222 Host not found 73 foolishspammer.local 60 completely.bogus.domain.example 11 friend.example.com 39 No address associated with hostname 23 dummymx.sample.net 16 pushn.spam.sample.com .fi .RE 0 .PP The \fBpostfix-logwatch\fR utility reads from STDIN or from the named Postfix \fIlogfile\fR. Multiple \fIlogfile\fR arguments may be specified, each processed in order. The user running \fBpostfix-logwatch\fR must have read permission on each named log file. .PP .SS Options The options listed below affect the operation of \fBpostfix-logwatch\fR. Options specified later on the command line override earlier ones. Any option may be abbreviated to an unambiguous length. .IP "\fB-f \fIconfig_file\fR" .PD 0 .IP "\fB--config_file \fIconfig_file\fR" .PD Use an alternate configuration file \fIconfig_file\fR instead of the default. This option may be used more than once. Multiple configuration files will be processed in the order presented on the command line. See \fBCONFIGURATION FILE\fR below. .IP "\fB--debug \fIkeywords\fR" Output debug information during the operation of \fBpostfix-logwatch\fR. The parameter \fIkeywords\fR is one or more comma or space separated keywords. To obtain the list of valid keywords, use --debug xxx where xxx is any invalid keyword. .IP "\fB--[no]delays\fR" Enables (disables) output of the message delays percentiles report. 
The delays percentiles report shows percentiles for each of the 4 delivery latency times reported by Postfix (available in version 2.3 and later) in the form \fBdelays=\fIa\fR/\fIb\fR/\fIc\fR/\fId\fR, where \fIa\fR is the amount of time before the active queue (includes time for previous delivery attempts and time in the deferred queue), \fIb\fR is the amount of time in the active queue up to delivery agent handoff, \fIc\fR is the amount of time spent making connections (including DNS, HELO and TLS) and \fId\fR is the amount of time spent delivering the message. The total delay shown comes from the \fBdelay=\fR field in a message delivery log line. \fBNote:\fR This report may consume a large amount of memory; if you have no use for it, disable the delays report. .IP "\fB--delays_percentiles \fIp1 [p2 ...]\fR" Specifies the percentiles to be used in the message delays percentiles report. The percentiles \fIp1\fR, \fIp2\fR, \fI...\fR range from 0 to 100, inclusively. The order of the list is not sorted - the report will output the percentiles columns in the order you specify. .IP "\fB--detail \fIlevel\fR" Sets the maximum detail level for \fBpostfix-logwatch\fR to \fIlevel\fR. This option is global, overriding any other output limiters described below. The \fBpostfix-logwatch\fR utility produces a \fBSummary\fR section, a \fBDetailed\fR section, and additional report sections. With \fIlevel\fR less than 5, \fBpostfix-logwatch\fR will produce only the \fBSummary\fR section. At \fIlevel\fR 5 and above, the \fBDetailed\fR section, and any additional report sections are candidates for output. Each incremental increase in \fIlevel\fR generates one additional hierarchical sub-level of output in the \fBDetailed\fR section of the report. At \fIlevel\fR 10, all levels are output. Lines that exceed the maximum report width (specified with \fBmax_report_width\fR) will be cut. 
Setting \fIlevel\fR to 11 will prevent lines in the report from being cut (see also \fB--line_style\fR). .IP "\fB--help\fR" Print usage information and a brief description about command line options. .IP "\fB--ignore_service \fIpattern\fR" Ignore log lines that contain the postfix service name \fBpostfix/\fIservice\fR. The parameter \fIservice\fR is a regular expression. \fBNote:\fR if you use parenthesis in your regular expression, be sure they are cloistering and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR. .IP "\fB--ipaddr_width \fIwidth\fR" Specifies that IP addresses in address/hostname pairs should be printed with a field width of \fIwidth\fR characters. Increasing the default may be useful for systems using long IPv6 addresses. .IP "\fB-l limiter=levelspec\fR" .PD 0 .IP "\fB--limit limiter=levelspec\fR" .PD Sets the level limiter \fIlimiter\fR with the specification \fIlevelspec\fR. .IP "\fB--line_style \fIstyle\fR" Specifies how to handle long report lines. Three styles are available: \fBfull\fR, \fBtruncate\fR, and \fBwrap\fR. Setting \fIstyle\fR to \fBfull\fR will prevent cutting lines to \fBmax_report_width\fR; this is what occurs when \fBdetail\fR is 11 or higher. When \fIstyle\fR is \fBtruncate\fR (the default), long lines will be truncated according to \fBmax_report_width\fR. Setting \fIstyle\fR to \fBwrap\fR will wrap lines longer than \fBmax_report_width\fR such that left column hit counts are not obscured. This option takes precedence over the line style implied by the \fBdetail\fR level. The options \fB--full\fR, \fB--truncate\fR, and \fB--wrap\fR are synonyms. .IP "\fB--[no]long_queue_ids\fR" Enables (disables) interpretation of long queue IDs in Postfix (>= 2.9) logs. .IP "\fB--nodetail\fR" Disables the \fBDetailed\fR section of the report, and all supplemental reports. 
This option provides a convenient mechanism to quickly disable all sections under the \fBDetailed\fR report, where subsequent command line options may re-enable one or more sections to create specific reports. .IP "\fB--[no]summary\fR" .IP "\fB--show_summary\fR" Enables (disables) displaying of the \fBSummary\fR section of the report. The variable Postfix_Show_Summary is used in a configuration file. .IP "\fB--recipient_delimiter \fIdelimiter\fR" Split email delivery addresses using the recipient delimiter character \fIdelimiter\fR. This should generally match the \fBrecipient_delimiter\fR specified in the Postfix parameter file \fBmain.cf\fR, or the default value indicated in \fBpostconf -d recipient_delimiter\fR. This is very useful for obtaining per-alias statistics when a recipient delimiter is used for mail delivery. .IP "\fB--reject_reply_patterns \fIr1 [r2 ...]\fR" Specifies the list of reject reply patterns used to create reject groups. Each entry in the list \fIr1 [r2 ...]\fR must be either a three character regular expression reply code of the form [45][0-9.][0-9.], or the word "Warn". The "." in the regular expression is a literal dot which matches any reject reply subcode; this wildcarding allows creation of broad rejects groups. List order is preserved, in that reject reports will be output in the same order as the entries in the list. Specific reject reply codes will take priority over wildcard patterns, regardless of the list order. The default list is "5.. 4.. Warn", which creates three groups of rejects: permanent rejects, temporary reject failures, and reject warnings (as in warn_if_reject). This feature allows, for example, distinguishing 421 transmission channel closures from 45x errors (eg. 450 mailbox unavailable, 451 local processing errors, 452 insufficient storage). Such a grouping would be configured with the list: "421 4.. 5.. Warn". See RFC 2821 for more information about reply codes.
See also \fBCONFIGURATION FILE\fR regarding using \fBreject_reply_patterns\fR within a configuration file. .IP "\fB--[no]sect_vars\fR" .PD 0 .IP "\fB--show_sect_vars \fIboolean\fR" .PD Enables (disables) supplementing each \fBDetailed\fR section title with the name of that section's level limiter. The name displayed is the command line option (or configuration file variable) used to limit that section's output. With the large number of level limiters available in \fBpostfix-logwatch\fR, this is a convenient mechanism for determining exactly which level limiter affects a section. .IP "\fB--syslog_name \fInamepat\fR" Specifies the syslog service name that \fBpostfix-logwatch\fR uses to match syslog lines. Only log lines whose service name matches the perl regular expression \fInamepat\fR will be used by \fBpostfix-logwatch\fR; all non-matching lines are silently ignored. This is useful when a pre-installed Postfix package uses a name other than the default (\fBpostfix\fR), or when multiple Postfix instances are in use and per-instance reporting is desired. The pattern \fInamepat\fR should match the \fBsyslog_name\fR configuration parameter specified in the Postfix parameter file \fBmain.cf\fR, the master control file \fBmaster.cf\fR, or the default value as indicated by the output of \fBpostconf -d syslog_name\fR. \fBNote:\fR if you use parentheses in your regular expression, be sure they are cloistering and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR. .IP "\fB--[no]unknown\fR" .PD 0 .IP "\fB--show_unknown \fIboolean\fR" .PD Enables (disables) display of the postfix-generated name of 'unknown' in formatted IP/hostname pairs in \fBDetailed\fR reports. Default: enabled. .IP "\fB--version\fR" Print \fBpostfix-logwatch\fR version information. .SS Level Limiters .PP The output of every section in the \fBDetailed\fR report is controlled by a level limiter.
The name of the level limiter variable will be output when the \fBsect_vars\fR option is set. Level limiters are set either via command line in standalone mode with \fB--limit \fIlimiter\fB=\fIlevelspec\fR option, or via configuration file variable \fB$postfix_\fIlimiter\fB=\fIlevelspec\fR. Each limiter requires a \fIlevelspec\fR argument, which is described below in \fBLEVEL CONTROL\fR. The list of level limiters is shown below. There are several level limiters that control reject sub-sections (eg. \fBrejectbody\fR, \fBrejectsender\fR, etc.). Because the list of reject variants is not known until runtime after \fBreject_reply_patterns\fR is seen, these reject limiters are shown below generically, with the prefix \fB###\fR. To use one of these reject limiters, substitute \fB###\fR with one of the reject reply codes in effect, replacing each dot with an \fBx\fR character. For example, using the default \fBreject_reply_patterns\fR list of "5.. 4.. Warn", three \fBrejectbody\fR variants are valid: \fB--limit 5xxrejectbody\fR, \fB--limit 4xxrejectbody\fR and \fB--limit warnrejectbody\fR. As a convenience, you may entirely eliminate the \fB###\fR prefix, and instead use the bare \fBreject\fIXXX\fR option, and all reject level limiter variations will be auto-generated based on the \fBreject_reply_patterns\fR list. For example, the command line segment: .nf ... --reject_reply_patterns "421 5.." \\ --limit rejectrbl="1:10:" .fi would automatically become: .nf ... --reject_reply_patterns "421 5.." \\ --limit 421rejectrbl="1:10:" --limit 5xxrejectrbl="1:10:" .fi See \fBreject_reply_patterns\fR above, and comments in the configuration file \fBpostfix-logwatch.conf\fR. .de TQ . br . ns . TP \\$1 .. [ THIS SECTION IS NOT YET COMPLETE ] .PD 0 .IP "\fBAttrError" Errors obtaining attribute data from service. .IP "\fBBCCed" Messages that triggered access, header_checks or body_checks BCC action. 
(postfix 2.6 experimental branch) .IP "\fBBounceLocal" .IP "\fBBounceRemote" Local and remote bounces. A bounce is considered a local bounce if the relay was one of none, local, virtual, avcheck, maildrop or 127.0.0.1. .IP "\fBByIpRejects" Regrouping by client host IP address of all 5xx (permanent) reject variants. .IP "\fBCommunicationError" Postfix errors talking to one of its services. .IP "\fBAnvil" Anvil rate or concurrency limits. .IP "\fBConnectionInbound" Connections made to the \fBsmtpd\fR server. .IP "\fBConnectionLostInbound" Connections lost to the \fBsmtpd\fR server. .IP "\fBConnectionLostOutbound" Connections lost during \fBsmtp\fR communications with remote MTA. .IP "\fBConnectToFailure" Failures reported by \fBsmtp\fR when connecting to remote MTA. .IP "\fBDatabaseGeneration" Warnings noted when binary database map file requires \fBpostmap\fR update from newer source file. .IP "\fBDeferrals" .IP "\fBDeferred" Message delivery deferrals. A single \fBdeferred\fR message will have one or more \fBdeferrals\fR many times. .IP "\fBDeliverable" Address verification indicates recipient address is deliverable. .IP "\fBDelivered" Number of messages handed-off to a delivery agent such as local or virtual. .IP "\fBDiscarded" Messages that triggered access, header_checks or body_checks DISCARD action. .IP "\fBDNSError" Any one of several errors encountered during DNS lookups. .IP "\fBEnvelopeSenderDomains" List of sending domains. (2 levels: envelope sender domain, localpart) .IP "\fBEnvelopeSenders" List of envelope senders. (1 level: envelope sender) .IP "\fBError" Postfix general \fBerror\fR messages. .IP "\fBFatalConfigError" Fatal main.cf or master.cf configuration errors. .IP "\fBFatalError" Postfix general \fBfatal\fR messages. .IP "\fBFiltered" Messages that triggered access, header_checks or body_checks FILTER action. .IP "\fBForwarded" Messages forwarded by MDA for one address class to another (eg. local -> virtual).
.IP "\fBHeloError" XXXXXXXXXXX .IP "\fBHold" Messages that were placed on hold by postsuper, or triggered by access, header_checks or body_checks HOLD action. .IP "\fBHostnameValidationError" Invalid hostname detected. .IP "\fBHostnameVerification" Lookup of hostname does not map back to the IP of the peer (ie. the remote system connecting to \fBsmtpd\fR). Also known as forward-confirmed reverse DNS (FCRDNS). When the reverse name has no DNS entry, the message "host not found, try again" is included; otherwise, it is not (e.g. when the reverse has some IP address, but not the one Postfix expects). .IP "\fBIllegalAddrSyntax" Illegal syntax in an email address provided during the MAIL FROM or RCPT TO dialog. .IP "\fBLdapError" Any LDAP errors during LDAP lookup. .IP "\fBMailerLoop" An MX lookup for the best mailer to use to deliver mail would result in a sending to ourselves. .IP "\fBMapProblem" Problem with an access table map that needs correcting. .IP "\fBMessageWriteError" Postfix encountered an error when trying to create a message file somewhere in the spool directory. .IP "\fBNumericHostname" A hostname was found that was numeric, instead of alphabetic. .IP "\fBPanicError" Postfix general \fBpanic\fR messages. .IP "\fBPixWorkaround" Workarounds were enabled to avoid remote Cisco PIX SMTP "fixups". .IP "\fBPolicydWeight" Summarization of policyweight/policydweight results. .IP "\fBPolicySpf" Summarization of PolicySPF results. .IP "\fBPostgrey" Summarization of Postgrey results. .IP "\fBPostscreen" Summarization of 2.7's postscreen and verify services. .IP "\fBDNSBLog" Summarization of 2.7's dnsblog service. .IP "\fBPrepended" Messages that triggered header_checks or body_checks PREPEND action. .IP "\fBProcessExit" Postfix services that exited unexpectedly. .IP "\fBProcessLimit" A Postfix service has reached or exceeded the maximum number of processes allowed. .IP "\fBQueueWriteError" Problems writing a Postfix queue file. 
.IP "\fBRblError" Lookup errors for RBLs. .IP "\fBRedirected" Messages that triggered access, header_checks or body_checks REDIRECT action. .IP "\fB###RejectBody" Messages that triggered body_checks REJECT action. .IP "\fB###RejectClient" Messages rejected by client access controls (smtpd_client_restrictions). .IP "\fB###RejectConfigError" Message rejected due to server configuration errors. .IP "\fB###RejectContent" Messages rejected by message_reject_characters. .IP "\fB###RejectData" Messages rejected at DATA stage in SMTP conversation (smtpd_data_restrictions). .IP "\fB###RejectEtrn" Messages rejected at ETRN stage in SMTP conversation (smtpd_etrn_restrictions). .IP "\fB###RejectHeader" Messages that triggered header_checks REJECT action. .IP "\fB###RejectHelo" Messages rejected at HELO/EHLO stage in SMTP conversation (smtpd_helo_restrictions). .IP "\fB###RejectInsufficientSpace" Messages rejected due to insufficient storage space. .IP "\fB###RejectLookupFailure" Messages rejected due to temporary DNS lookup failures. .IP "\fB###RejectMilter" Milter rejects. No reject reply code is available for these rejects, but an extended 5.7.1 DSN is provided. These rejects are forced into the generic 5xx rejects group. If you redefine \fBreject_reply_patterns\fR such that it does not contain the pattern \fB5..\fR, milter rejects will not be output. .IP "\fB###RejectRbl" Messages rejected by an RBL hit. .IP "\fB###RejectRecip" Messages rejected by recipient access controls (smtpd_recipient_restrictions). .IP "\fB###RejectRelay" Messages rejected by relay access controls. .IP "\fB###RejectSender" Messages rejected by sender access controls (smtpd_sender_restrictions). .IP "\fB###RejectSize" Messages rejected due to excessive message size. .IP "\fB###RejectUnknownClient" Messages rejected by unknown client access controls. .IP "\fB###RejectUnknownReverseClient" Messages rejected by unknown reverse client access controls. 
.IP "\fB###RejectUnknownUser" Messages rejected by unknown user access controls. .IP "\fB###RejectUnverifiedClient" Messages rejected by unverified client access controls. .IP "\fB###RejectVerify" Messages rejected due to address verification failures. .IP "\fBReplaced" Messages that triggered header_checks or body_checks REPLACE action. .IP "\fBReturnedToSender" Messages returned to sender due to exceeding queue lifetime (maximal_queue_lifetime). .IP "\fBSaslAuth" SASL authentication successes, includes SASL method, username, and sender when present. .IP "\fBSaslAuthFail" SASL authentication failures. .IP "\fBSent" Messages sent via the SMTP delivery agent. .IP "\fBSentLmtp" Messages sent via the LMTP delivery agent. .IP "\fBSmtpConversationError" Errors during the SMTP/ESMTP dialog. .IP "\fBSmtpProtocolViolation" Protocol violation during the SMTP/ESMTP dialog. .IP "\fBStartupError" Errors during Postfix server startup. .IP "\fBTimeoutInbound" Connections to \fBsmtpd\fR that timed out. .IP "\fBTlsClientConnect" TLS client connections. .IP "\fBTlsOffered" TLS communication offered. .IP "\fBTlsServerConnect" TLS server connections. .IP "\fBTlsUnverified" Unverified TLS connections. .IP "\fBUndeliverable" Address verification indicates recipient address is undeliverable. .IP "\fBWarn" Messages that triggered access, header_checks or body_checks WARN action. .IP "\fBWarnConfigError" Warnings regarding Postfix configuration errors. .IP "\fBWarningsOther" Postfix general \fBwarning\fR messages. .PD .SH LEVEL CONTROL .ad .fi The \fBDetailed\fR section of the report consists of a number of sub-sections, each of which is controlled both globally and independently.
Two settings influence the output provided in the \fBDetailed\fR report: a global detail level (specified with \fB--detail\fR) which has final (big hammer) output-limiting control over the \fBDetailed\fR section, and sub-section specific detail settings (small hammer), which allow further limiting of the output for a sub-section. Each sub-section may be limited to a specific depth level, and each sub-level may be limited with top N or threshold limits. The \fIlevelspec\fR argument to each of the level limiters listed above is used to accomplish this. It is probably best to continue explanation of sub-level limiting with the following well-known outline-style hierarchy, and some basic examples: .nf level 0 level 1 level 2 level 3 level 4 level 4 level 2 level 3 level 4 level 4 level 4 level 3 level 4 level 3 level 1 level 2 level 3 level 4 .fi .PP The simplest form of output limiting suppresses all output below a specified level. For example, a \fIlevelspec\fR set to "2" shows only data in levels 0 through 2. Think of this as collapsing each sub-level 2 item, thus hiding all inferior levels (3, 4, ...), to yield: .nf level 0 level 1 level 2 level 2 level 1 level 2 .fi .PP Sometimes the volume of output in a section is too great, and it is useful to suppress any data that does not exceed a certain threshold value. Consider a dictionary spam attack, which produces very lengthy lists of hit-once recipient email or IP addresses. Each sub-level in the hierarchy can be threshold-limited by setting the \fIlevelspec\fR appropriately. Setting \fIlevelspec\fR to the value "2::5" will suppress any data at level 2 that does not exceed a hit count of 5. .PP Perhaps producing a top N list, such as top 10 senders, is desired. A \fIlevelspec\fR of "3:10:" limits level 3 data to only the top 10 hits. 
.PP With those simple examples out of the way, a \fIlevelspec\fR is defined as a whitespace- or comma-separated list of one or more of the following: .IP "\fIl\fR" Specifies the maximum level to be output for this sub-section, with a range from 0 to 10. if \fIl\fR is 0, no levels will be output, effectively disabling the sub-section (level 0 data is already provided in the Summary report, so level 1 is considered the first useful level in the \fBDetailed\fR report). Higher values will produce output up to and including the specified level. .IP "\fIl\fB.\fIn\fR" Same as above, with the addition that \fIn\fR limits this section's level 1 output to the top \fIn\fR items. The value for \fIn\fR can be any integer greater than 1. (This form of limiting has less utility than the syntax shown below. It is provided for backwards compatibility; users are encouraged to use the syntax below). .IP "\fIl\fB:\fIn\fB:\fIt\fR" This triplet specifies level \fIl\fR, top \fIn\fR, and minimum threshold \fIt\fR. Each of the values are integers, with \fIl\fR being the level limiter as described above, \fIn\fR being a top \fIn\fR limiter for the level \fIl\fR, and \fIt\fR being the threshold limiter for level \fIl\fR. When both \fIn\fR and \fIt\fR are specified, \fIn\fR has priority, allowing top \fIn\fR lists (regardless of threshold value). If the value of \fIl\fR is omitted, the specified values for \fIn\fR and/or \fIt\fR are used for all levels available in the sub-section. This permits a simple form of wildcarding (eg. place minimum threshold limits on all levels). However, specific limiters always override wildcard limiters. The first form of level limiter may be included in \fIlevelspec\fR to restrict output, regardless of how many triplets are present. .PP All three forms of limiters are effective only when \fBpostfix-logwatch\fR's detail level is 5 or greater (the \fBDetailed\fR section is not activated until detail is at least 5). 
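The three limiter forms defined above, as an added Python example (not part of the man page and not postfix-logwatch's own Perl code). The function names are hypothetical, the hit counts are constructed from the MX errors sample earlier in this page, and treating a spec with no bare level as "all levels" is an assumption.

```python
"""Parse a postfix-logwatch style levelspec and apply it to a hit-count hierarchy."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

TRIPLET = re.compile(r"^(\d*):(\d*):(\d*)$")   # l:n:t, any part may be empty
DOTTED = re.compile(r"^(\d+)\.(\d+)$")         # l.n, the backwards-compatible form


@dataclass
class LevelSpec:
    # Assumption: with no bare level in the spec, depth is not restricted.
    max_level: int = 10
    per_level: dict = field(default_factory=dict)  # level -> (top_n, threshold)
    wildcard: tuple = (None, None)                 # triplet with l omitted

    def limits(self, level: int) -> tuple:
        # A limiter that names the level always overrides the wildcard limiter.
        return self.per_level.get(level, self.wildcard)


def _level(text: str) -> int:
    value = int(text)
    if not 0 <= value <= 10:
        raise ValueError(f"level {value} is outside the range 0 to 10")
    return value


def parse_levelspec(text: str) -> LevelSpec:
    """Accept a whitespace- or comma-separated list of l, l.n and l:n:t tokens."""
    spec = LevelSpec()
    for token in filter(None, re.split(r"[,\s]+", text.strip())):
        dotted, triplet = DOTTED.match(token), TRIPLET.match(token)
        if token.isdigit():
            spec.max_level = _level(token)
        elif dotted:
            spec.max_level = _level(dotted.group(1))
            spec.per_level[1] = (int(dotted.group(2)), None)
        elif triplet:
            level, top_n, threshold = triplet.groups()
            pair = (int(top_n) if top_n else None,
                    int(threshold) if threshold else None)
            if level:
                spec.per_level[_level(level)] = pair
            else:
                spec.wildcard = pair
        else:
            raise ValueError(f"unrecognised levelspec token: {token!r}")
    return spec


def limit(tree: dict, spec: LevelSpec, level: int = 1) -> list:
    """Return [(count, name, children)] for the entries that survive the spec."""
    if level > spec.max_level:
        return []
    top_n, threshold = spec.limits(level)
    # Descending by count, then alphabetically, as the report does.
    items = sorted(tree.items(), key=lambda kv: (-kv[1][0], kv[0]))
    if top_n is not None:            # top n has priority over the threshold
        items = items[:top_n]
    elif threshold is not None:      # keep only counts that exceed the threshold
        items = [kv for kv in items if kv[1][0] > threshold]
    return [(count, name, limit(children, spec, level + 1))
            for name, (count, children) in items]


def render(nodes: list, depth: int = 1) -> list:
    lines = []
    for count, name, children in nodes:
        lines.append("  " * (depth - 1) + f"{count} {name}")
        lines.extend(render(children, depth + 1))
    return lines


# Constructed input: the level 1..3 entries of the "MX errors" sample section.
MX_ERRORS = {
    "Unable to look up MX host": (261, {
        "Host not found": (222, {
            "foolishspammer.local": (73, {}),
            "completely.bogus.domain.example": (60, {}),
            "friend.example.com": (11, {}),
        }),
        "No address associated with hostname": (39, {
            "dummymx.sample.net": (23, {}),
            "pushn.spam.sample.com": (16, {}),
        }),
    }),
}

if __name__ == "__main__":
    for text in ("2", "3 3::20", "3 3:1:50", "::20 2::100"):
        print(f"levelspec {text!r}")
        print("\n".join("  " + line for line in render(limit(MX_ERRORS, parse_levelspec(text)))))
```

With "3 3:1:50" the 23-hit host is still listed although it is below the threshold of 50, because a top n limiter takes priority over the threshold on the same level.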
.PP See the \fBEXAMPLES\fR section for usage scenarios. .SH CONFIGURATION FILE .ad \fBPostfix-logwatch\fR can read configuration settings from a configuration file. Essentially, any command line option can be placed into a configuration file, and these settings are read upon startup. Because \fBpostfix-logwatch\fR can run either standalone or within Logwatch, to minimize confusion, \fBpostfix-logwatch\fR inherits Logwatch's configuration file syntax requirements and conventions. These are: .IP \(bu 4'. White space lines are ignored. .IP \(bu 4'. Lines beginning with \fB#\fR are ignored .IP \(bu 4'. Settings are of the form: .nf \fIoption\fB = \fIvalue\fR .fi .IP \(bu 4'. Spaces or tabs on either side of the \fB=\fR character are ignored. .IP \(bu 4'. Any \fIvalue\fR protected in double quotes will be case-preserved. .IP \(bu 4'. All other content is reduced to lowercase (non-preserving, case insensitive). .IP \(bu 4'. All \fBpostfix-logwatch\fR configuration settings must be prefixed with "\fB$postfix_\fR" or \fBpostfix-logwatch\fR will ignore them. .IP \(bu 4'. When running under Logwatch, any values not prefixed with "\fB$postfix_\fR" are consumed by Logwatch; it only passes to \fBpostfix-logwatch\fR (via environment variable) settings it considers valid. .IP \(bu 4'. The values \fBTrue\fR and \fBYes\fR are converted to 1, and \fBFalse\fR and \fBNo\fR are converted to 0. .IP \(bu 4'. Order of settings is not preserved within a configuration file (since settings are passed by Logwatch via environment variables, which have no defined order). .PP To include a command line option in a configuration file, prefix the command line option name with the word "\fB$postfix_\fR". 
The following configuration file setting and command line option are equivalent: .nf \fB$postfix_Line_Style = Truncate\fR \fB--line_style Truncate\fR .fi Level limiters are also prefixed with \fB$postfix_\fR, but on the command line are specified with the \fB--limit\fR option: .nf \fB$postfix_Sent = 2\fR \fB--limit Sent=2\fR .fi The order of command line options and configuration file processing occurs as follows: 1) The default configuration file is read if it exists and no \fB--config_file\fR was specified on a command line. 2) Configuration files are read and processed in the order found on the command line. 3) Command line options override any options already set either via command line or from any configuration file. Command line options are interpreted when they are seen on the command line, and later options will override previously set options. The notable exception is with limiter variables, which are interpreted in the order found, but only after all other options have been processed. This allows \fB--reject_reply_patterns\fR to determine the dynamic list of the various reject limiters. See also \fB--reject_reply_patterns\fR. .SH "EXIT STATUS" .na .nf .ad .fi The \fBpostfix-logwatch\fR utility exits with a status code of 0, unless an error occurred, in which case a non-zero exit status is returned. .SH "EXAMPLES" .na .nf .ad .fi .SS Running Standalone \fBNote:\fR \fBpostfix-logwatch\fR reads its log data from one or more named Postfix log files, or from STDIN. For brevity, where required, the examples below use the word \fIfile\fR as the command line argument meaning \fI/path/to/postfix.log\fR. Obviously you will need to substitute \fIfile\fR with the appropriate path. 
.nf .PP To run \fBpostfix-logwatch\fR in standalone mode, simply run: .nf .RS 4 .PP \fBpostfix-logwatch \fIfile\fR .RE 0 .nf .PP A complete list of options and basic usage is available via: .nf .RS 4 .PP \fBpostfix-logwatch --help\fR .RE 0 .nf .PP To print a summary only report of Postfix log data: .nf .RS 4 .PP \fBpostfix-logwatch --detail 1 \fIfile\fR .RE 0 .fi .PP To produce a summary report and a one-level detail report for May 25th: .nf .RS 4 .PP \fBgrep 'May 25' \fIfile\fB | postfix-logwatch --detail 5\fR .RE 0 .fi .PP To produce only a top 10 list of Sent email domains, the summary report and detailed reports are first disabled. Since command line options are read and enabled left-to-right, the Sent section is re-enabled to level 1 with a level 1 top 10 limiter: .nf .RS 4 .PP \fBpostfix-logwatch --nosummary --nodetail --limit sent='1 1:10:' \fIfile\fR .RE 0 .fi .PP The following command and its sample output shows a more complex level limiter example. The command gives the top 3 Sent email addresses from the top 5 domains, in addition, all level 3 items with a hit count of 2 or less are suppressed (in the Sent sub-section, this happens to be email's Original To address). Ellipses indicate top N or threshold-limited data: .nf .RS 4 .PP \fBpostfix-logwatch --nosummary --nodetail \\ --limit sent '1:5: 2:3: 3::2' \fIfile\fR .nf 1762 Sent via SMTP ----------------------------------- 352 example.com 310 joe 255 joe.bob@virtdomain.example.com 7 info@virtdomain.example.com 21 pooryoda3 11 hot93uh ... 244 sample.net 97 buzz 26 leroyjones 14 sally ... 152 example.net 40 jim_jameson 23 sam_sampson 19 paul_paulson ... 83 sample.us 44 root 39 jenny1 69 dom3.example.us 10 kay 7 ron 6 mrsmith ... ... .fi .RE 0 .fi .PP The next command uses both \fBreject_reply_patterns\fR and level limiters to see 421 RBL rejects, threshold-limiting level 2 output to hits greater than 5 (level 2 in the Reject RBL sub-section is the client's IP address / hostname pair).
This makes for a very nice RBL offenders list, shown in the sample output (note the use of the unambiguous, abbreviated command line option reject_reply_pat):
.nf
.RS 4
.PP
\fBpostfix-logwatch --reject_reply_pat '421 4.. 5.. Warn' \\
    --nosummary --nodetail --limit 421rejectrbl='2 2::5' \fIfile\fR
.nf
   300   421 Reject RBL ---------------------------------------
   243      zen.spamhaus.org=127.0.0.2
   106         10.0.0.129 129.0.0.example.com
    41         192.168.10.70 hostx10.sample.net
    40         192.168.42.39 hostz42.sample.net
    15         10.1.1.152 dsl-10-1-1-152.example.us
    14         10.10.10.122 mail122.sample.com
     7         192.168.3.44 smalltime-spammer.example.com
               ...
    48      zen.spamhaus.org=127.0.0.4
    17         10.29.124.92 10-29-124-92.adsl-static.sample.us
               ...
     8      zen.spamhaus.org=127.0.0.11
               ...
     1      zen.spamhaus.org=127.0.0.10
               ...
.fi
.RE 4
.SS Running within Logwatch
\fBNote:\fR Logwatch versions prior to 7.3.6, unless configured otherwise, required the \fB--print\fR option to print to STDOUT instead of sending reports via email.
Since version 7.3.6, STDOUT is the default output destination, and the \fB--print\fR option has been replaced by \fB--output stdout\fR.
Check your configuration to determine where report output will be directed, and add the appropriate option to the commands below.
.PP
To print a summary report for today's Postfix log data:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range today --detail 1\fR
.RE 0
.nf
.PP
To print a report for today's Postfix log data, with one level of detail in the \fBDetailed\fR section:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range today --detail 5\fR
.RE 0
.fi
.PP
To print a report for yesterday, with two levels of detail in the \fBDetailed\fR section:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range yesterday --detail 6\fR
.RE 0
.fi
.PP
To print a report from Dec 12th through Dec 14th, with four levels of detail in the \fBDetailed\fR section:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range \\
    'between 12/12 and 12/14' --detail 8\fR
.RE 0
.PP
To print a report for today, with all levels of detail:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range today --detail 10\fR
.RE 0
.PP
Same as above, but leaves long lines uncut:
.nf
.RS 4
.PP
\fBlogwatch --service postfix --range today --detail 11\fR
.RE 0
.SH "ENVIRONMENT"
.na
.nf
.ad
.fi
The \fBpostfix-logwatch\fR program uses the following (automatically set) environment variables when running under Logwatch:
.IP \fBLOGWATCH_DETAIL_LEVEL\fR
This is the detail level specified with the Logwatch command line argument \fB--detail\fR or the \fBDetail\fR setting in the ...conf/services/postfix.conf configuration file.
.IP \fBLOGWATCH_DEBUG\fR
This is the debug level specified with the Logwatch command line argument \fB--debug\fR.
.IP \fBpostfix_\fIxxx\fR
The Logwatch program passes all settings \fBpostfix_\fIxxx\fR in the configuration file ...conf/services/postfix.conf to the \fBpostfix\fR filter (which is actually named .../scripts/services/postfix) via environment variable.
.SH "FILES"
.na
.nf
.SS Standalone mode
.IP "/usr/local/bin/postfix-logwatch"
The \fBpostfix-logwatch\fR program
.IP "/usr/local/etc/postfix-logwatch.conf"
The \fBpostfix-logwatch\fR configuration file in standalone mode
.SS Logwatch mode
.IP "/etc/logwatch/scripts/services/postfix"
The Logwatch \fBpostfix\fR filter
.IP "/etc/logwatch/conf/services/postfix.conf"
The Logwatch \fBpostfix\fR filter configuration file
.SH "SEE ALSO"
.na
.nf
logwatch(8), system log analyzer and reporter
.SH "README FILES"
.na
.ad
.nf
README, an overview of \fBpostfix-logwatch\fR
Changes, the version change list history
Bugs, a list of the current bugs or other inadequacies
Makefile, the rudimentary installer
LICENSE, the usage and redistribution licensing terms
.SH "LICENSE"
.na
.nf
.ad
Covered under the included MIT/X-Consortium License:
http://www.opensource.org/licenses/mit-license.php
.SH "AUTHOR(S)"
.na
.nf
Mike Cappella
.fi
The original \fBpostfix\fR Logwatch filter was written by Kenneth Porter, and has had many contributors over the years.
They are entirely not responsible for any errors, problems or failures since the current author's hands have touched the source code.
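Added example (not part of the postfix-logwatch distribution): a small Python model of the level limiters used in the EXAMPLES section above, where each `l:n:t` triplet names a level, a top-N cap and a hit threshold, applied to the kind of RBL offenders list shown there. The function names, the tree layout, the reading of a bare leading number as the display depth, and the sample counts are assumptions made for illustration.

```python
"""Model of level limiters (l:n:t) applied to nested hit counts."""


def parse_limit(value):
    """Split a --limit value such as '2 2::5' into
    (detail_level, {level: (top_n, threshold)})."""
    detail, limiters = None, {}
    for token in value.split():
        if ":" not in token:
            detail = int(token)  # bare number: how many levels to show
            continue
        # Exactly three fields are required; anything else raises ValueError.
        level, top_n, threshold = token.split(":")
        limiters[int(level)] = (
            int(top_n) if top_n else None,
            int(threshold) if threshold else None,
        )
    return detail, limiters


def add_hits(tree, path, hits=1):
    """Add hits to every node along path (level 1 key, level 2 key, ...)."""
    for key in path:
        node = tree.setdefault(key, {"count": 0, "children": {}})
        node["count"] += hits
        tree = node["children"]


def render(tree, limiters, level=1, max_level=None):
    """Return report lines, applying threshold then top-N at each level."""
    if max_level is not None and level > max_level:
        return []
    top_n, threshold = limiters.get(level, (None, None))
    items = sorted(tree.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    # Threshold t keeps only entries with more than t hits.
    kept = [kv for kv in items if threshold is None or kv[1]["count"] > threshold]
    if top_n is not None:
        kept = kept[:top_n]
    indent = "   " * (level - 1)
    lines = []
    for name, node in kept:
        lines.append(f"{indent}{node['count']:>6}   {name}")
        lines.extend(render(node["children"], limiters, level + 1, max_level))
    if len(kept) < len(items):
        # Ellipsis marks top-N or threshold-limited data, as in the man page.
        lines.append(f"{indent}{'':>6}   ...")
    return lines


# Constructed sample counts: (RBL result, client IP / hostname pair, hits).
SAMPLE = [
    ("zen.spamhaus.org=127.0.0.2", "10.0.0.129 129.0.0.example.com", 106),
    ("zen.spamhaus.org=127.0.0.2", "192.168.10.70 hostx10.sample.net", 41),
    ("zen.spamhaus.org=127.0.0.2", "192.168.3.44 smalltime-spammer.example.com", 7),
    ("zen.spamhaus.org=127.0.0.2", "10.7.7.7 quiet.example.org", 5),
    ("zen.spamhaus.org=127.0.0.4", "10.29.124.92 10-29-124-92.adsl-static.sample.us", 17),
    ("zen.spamhaus.org=127.0.0.4", "10.8.8.8 rare.example.org", 2),
    ("zen.spamhaus.org=127.0.0.10", "10.9.9.9 once.example.org", 1),
]


def rbl_offenders(limit_value, hits=SAMPLE):
    """Build the two-level RBL tree and render it under the given limiter."""
    detail, limiters = parse_limit(limit_value)
    tree = {}
    for rbl, client, count in hits:
        add_hits(tree, (rbl, client), count)
    return render(tree, limiters, max_level=detail)


if __name__ == "__main__":
    # Level 2 (client) entries need more than 5 hits to be listed.
    print("\n".join(rbl_offenders("2 2::5")))
```

Raising the threshold in `2::5` shortens the offenders list without changing the per-RBL totals, which is why the totals in the report can exceed the sum of the listed clients.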
logwatch-7.4.0+svn20130529rev144/scripts/logfiles/autorpm/applydate

##########################################################################
# $Id: applydate,v 1.6 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $time = time;

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

$SearchDate = TimeFilter('%a %b %e %H:..:.. [^ ]+ %Y - ');

if ($Debug > 5) {
   print STDERR "DEBUG: Inside ApplyDate (autorpm)...\n";
   print STDERR "DEBUG: Looking For: $SearchDate\n";
}

while (defined($ThisLine = <STDIN>)) {
   if ($ThisLine =~ s/$SearchDate//o) {
      print $ThisLine;
   }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/cron/applydate

#use strict;
##########################################################################
# $Id: applydate,v 1.16 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

# SearchDate2 is for newer crond (i.e. RH7.X)
my ($SearchDate, $SearchDate2, $ThisLine);
my ($incount, $outcount) = (0, 0);
my $time = time;
my $hostname = $ENV{'HOSTNAME'};
my $OSname = $ENV{'OSname'};

$SearchDate = TimeFilter("%m/%d-%H:%M:%S");
$SearchDate2 = TimeFilter("%b %e %H:%M:%S");

if ($Debug > 5) {
   print STDERR "DEBUG: Inside ApplyDate (cron)...\n";
   print STDERR "DEBUG: Looking For: $SearchDate or $SearchDate2\n";
}

while (defined($ThisLine = <STDIN>)) {
   $incount++;
   #Solaris & IRIX CRON filter -mgt
   #Basically takes the cron format in /var/cron/log and makes it look like syslog
   if ( $OSname =~ /(SunOS|IRIX)/ ) {
      if ($ThisLine =~ m/^\>\s+CMD: (.+)$/o) {
         my $command = $1;
         my $nextline = <STDIN>;
         my ($user, $ps, $datestamp) = $nextline =~ /^\>\s+(\w+) (\d+) . \w\w\w (\w\w\w\s+\d+ \d\d:\d\d:\d\d)/;
         $ThisLine = "$datestamp $hostname CROND[$ps]: ($user) CMD ($command)\n";
      }
   }
   if ($ThisLine =~ m/^[^ ]+ \($SearchDate-[0123456789]+\) /o) {
      print $ThisLine;
      $outcount++;
   } elsif ($ThisLine =~ m/^$SearchDate2 [^ ]+ [\w\/]+\[\d+\]:/o) {
      print $ThisLine;
      $outcount++;
   }
}

if ($Debug > 5) {
   print STDERR "DEBUG: ApplyDate (cron): $incount Lines In, $outcount Lines Out\n";
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/emerge/applydate

##########################################################################
# $Id: applydate,v 1.5 2008/03/24 23:31:26 kirk Exp $
##########################################################################
# $Log: applydate,v $
# Revision 1.5 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.4 2007/02/16 04:38:13 bjorn
# Check timestamp using proper "seconds since epoch" format, by Jason.
#
# Revision 1.3 2005/06/18 19:36:32 bjorn
# Bug fix from Mike Frysinger for incorrect variable reference
#
# Revision 1.2 2005/05/03 19:33:39 bjorn
# Added support for new date ranges
#
# Revision 1.1 2005/04/20 22:13:32 bjorn
# Initial file by Matt Brown
#
##########################################################################

##########################################################################
# This was written by: Matt Brown, mdbrown at uwaterloo dot ca
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net.
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

# Processes emerge logs to remove entries outside the desired date range

use strict;
use Logwatch ':dates';
use POSIX qw(strftime);

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

# Set the date we are looking for based on the desired date range
my $SearchDate = TimeFilter('%Y %b %e %H:%M:%S');

if ($Debug > 5) {
   print STDERR "DEBUG: Inside applydate (emerge)...\n";
   print STDERR "DEBUG: Looking For: $SearchDate\n";
}

# Examine each line of the file, writing out only the lines that are within
# the date range
my $emergeTime;
while (defined(my $line = <STDIN>)) {
   $line =~ /^(\d+):/;
   $emergeTime = strftime('%Y %b %e %H:%M:%S', localtime($1));
   if ($Debug > 5) {
      print STDERR "DEBUG: converted time: $emergeTime\n";
   }
   if ($emergeTime =~ /$SearchDate/) {
      print $line;
   }
}

# vi: shiftwidth=3 syntax=perl tabstop=3 et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/samba/applydate

##########################################################################
# $Id: applydate,v 1.12 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Luuk de Boer
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@lists.sourceforge.net
########################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

my $time = time;

$SearchDate = TimeFilter('%m/%d/%y %H:%M:%S');
$SearchDate2 = TimeFilter('%Y/%m/%d %H:%M:%S');

if ( $Debug > 5 ) {
   print STDERR "DEBUG: Inside ApplyDate (samba)...\n";
   print STDERR "DEBUG: Looking For: $SearchDate or $SearchDate2\n";
}

$ThisLine = <STDIN>;
mainloop: while ($ThisLine) {
   if ($ThisLine =~ m/^$SearchDate /o) {
      print $ThisLine;
      # Read the next line; without this the loop never advances
      $ThisLine = <STDIN>;
   } elsif ($ThisLine =~ m/^\[$SearchDate2/o) {
      chomp($ThisLine);
      print $ThisLine;
      while ($ThisLine = <STDIN>) {
         if ($ThisLine =~ m/^\[....\/..\/.. ..:..:../) {
            # Found next entry
            print "\n";
            next mainloop;
         } else {
            chomp($ThisLine);
            print $ThisLine;
         }
      }
      print "\n";
   } else {
      $ThisLine = <STDIN>;
   }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/samba/removeheaders

##########################################################################
# $Id: removeheaders,v 1.8 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
# Luuk de Boer
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
########################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

while (defined($ThisLine = <STDIN>)) {
   $ThisLine =~ s/^..\/..\/.. ..:..:.. //;
   $ThisLine =~ s/^\[....\/..\/.. ..:..:...+?\]\s*//;
   print $ThisLine;
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/up2date/applydate

##########################################################################
# $Id: applydate,v 1.9 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

my $time = time;

$SearchDate = TimeFilter('%a %b %e %H:%M:%S %Y');

if ( $Debug > 5 ) {
   print STDERR "DEBUG: Inside ApplyDate (up2date)...\n";
   print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}

while (defined($ThisLine = <STDIN>)) {
   if ($ThisLine =~ m/\[$SearchDate\]/o) {
      print $ThisLine;
   }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/up2date/removeheaders

##########################################################################
# $Id: removeheaders,v 1.6 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

while (defined($ThisLine = <STDIN>)) {
   $ThisLine =~ s/^\[... ... .. ..:..:.. ....\] up2date //;
   print $ThisLine;
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/xferlog/applydate

##########################################################################
# $Id: applydate,v 1.14 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

my $time = time;

$SearchDate = TimeFilter('%b %e %H:%M:%S %Y');

if ( $Debug > 5 ) {
   print STDERR "DEBUG: Inside ApplyDate (xferlog)...\n";
   print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
}

while (defined($ThisLine = <STDIN>)) {
   if ($ThisLine =~ m/^... $SearchDate/o) {
      print $ThisLine;
   }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/xferlog/removeheaders

##########################################################################
# $Id: removeheaders,v 1.7 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

while (defined($ThisLine = <STDIN>)) {
   $ThisLine =~ s/^... ... .. ..:..:.. .... [0123456789]+ //;
   print $ThisLine;
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logfiles/yum/applydate

##########################################################################
# $Id: applydate,v 1.4 2008/03/24 23:31:26 kirk Exp $
##########################################################################

########################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use POSIX qw(strftime);
use Logwatch ':dates';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;

my $time = time;

# Two formats in use: SearchNewDate is for yum 2.1 and later, I believe
$SearchDate = TimeFilter('%m/%d/%y %H:%M:%S');
$SearchNewDate = TimeFilter('%b %d %H:%M:%S');

if ( $Debug > 5 ) {
   print STDERR "DEBUG: Inside ApplyDate (yum)...\n";
   print STDERR "DEBUG: Looking For: " . $SearchDate . " or " . $SearchNewDate . "\n";
}

while (defined($ThisLine = <STDIN>)) {
   # Here we actually remove the dates, as well
   if ($ThisLine =~ s/^$SearchNewDate //o || $ThisLine =~ s/$SearchDate //o) {
      print $ThisLine;
   }
}

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

logwatch-7.4.0+svn20130529rev144/scripts/logwatch.pl

#!/usr/bin/perl -w
use strict;
##########################################################################
##########################################################################
# Most current version can always be found at:
# ftp://ftp.logwatch.org/pub/linux (tarball)
# ftp://ftp.logwatch.org/pub/redhat/RPMS (RPMs)

########################################################
# Specify version and build-date:
my $Version = '7.4.0';
my $VDate = '03/01/11';

#######################################################
# Logwatch was written and is maintained by:
# Kirk Bauer
#
# Unless otherwise specified, Logwatch and all bundled filter scripts
# are Copyright (c) Kirk Bauer and covered under the included MIT/X
# Consortium license.
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch@logwatch.org.
#
########################################################

############################################################################
# ENV SETTINGS:
# About the locale: some functions use locale information. In particular,
# Logwatch makes use of strftime, which makes use of LC_TIME variable. Other
# functions may also use locale information.
#
# Because the parsing must be in the same locale as the logged information,
# and this appears to be "C", "POSIX", or "en_US", we set LC_ALL for
# this and other scripts invoked by this script. We use "C" because it
# is always (?) available, whereas POSIX or en_US may not. They all use
# the same time formats and rely on the ASCII character set.
#
# Variables REAL_LANG and REAL_LC_ALL keep the original values for use by
# scripts that need native language.
$ENV{'REAL_LANG'}=$ENV{'LANG'} if $ENV{'LANG'};
$ENV{'REAL_LC_ALL'}=$ENV{'LC_ALL'} if $ENV{'LC_ALL'};

# Setting ENV for scripts invoked by this script.
$ENV{'LC_ALL'} = "C";
# Using setlocale to set locale for this script.
use POSIX qw(locale_h);
setlocale(LC_ALL, "C");

my $BaseDir = "/usr/share/logwatch";
my $ConfigDir = "/etc/logwatch";
my $PerlVersion = "$^X";

#############################################################################

#############################################################################
# SET LIBS, GLOBALS, and DEFAULTS

use Getopt::Long;
use POSIX qw(uname);
use File::Temp qw/ tempdir /;

eval "use lib \"$BaseDir/lib\";";
eval "use Logwatch \':dates\'";

my (%Config, @ServiceList, @LogFileList, %ServiceData, %LogFileData);
my (@AllShared, @AllLogFiles, @FileList);
# These need to not be global variables one day
my (@ReadConfigNames, @ReadConfigValues);

# Default config here...
$Config{'detail'} = 0;
# if MAILTO is set in the environment, grab it, as it may be used by cron
# or anacron
if ($ENV{'MAILTO'}) {
   $Config{'mailto'} = $ENV{'MAILTO'};
} else {
   $Config{'mailto'} = "root";
}
$Config{'mailfrom'} = "Logwatch";
$Config{'subject'} = "";
$Config{'filename'} = "";
$Config{'range'} = "yesterday";
$Config{'debug'} = 0;
$Config{'archives'} = 1;
$Config{'tmpdir'} = "/var/cache/logwatch";
$Config{'numeric'} = 0;
$Config{'pathtocat'} = "cat";
$Config{'pathtozcat'} = "zcat";
$Config{'pathtobzcat'} = "bzcat";
$Config{'output'} = "stdout"; #8.0
$Config{'format'} = "text"; #8.0
$Config{'encode'} = "none"; #8.0
$Config{'hostformat'} = "none"; #8.0
$Config{'html_wrap'} = 80;
$Config{'supress_ignores'} = 0;

if (-e "$ConfigDir/conf/html/header.html") {
   $Config{'html_header'} = "$ConfigDir/conf/html/header.html";
} elsif (-e "$BaseDir/dist.conf/html/header.html") {
   $Config{'html_header'} = "$BaseDir/dist.conf/html/header.html";
} else {
   $Config{'html_header'} = "$BaseDir/default.conf/html/header.html";
}

if (-e "$ConfigDir/conf/html/footer.html") {
   $Config{'html_footer'} = "$ConfigDir/conf/html/footer.html";
} elsif (-e "$BaseDir/dist.conf/html/footer.html") {
   $Config{'html_footer'} = "$BaseDir/dist.conf/html/footer.html";
} else {
   $Config{'html_footer'} = "$BaseDir/default.conf/html/footer.html";
}

# Logwatch now does some basic searching for logs
# So if the log file is not in the log path it will check /var/adm
# and then /var/log -mgt
$Config{'logdir'} = "/var/log";

#Added to create switches for different os options -mgt
#Changed to POSIX to remove calls to uname and hostname
my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname();
$Config{'hostname'} = "$hostname";

my %wordsToInts = (yes => 1, no => 0,
                   true => 1, false => 0,
                   on => 1, off => 0,
                   high => 10,
                   med => 5, medium => 5,
                   low => 0);

#############################################################################
#############################################################################
#Load CONFIG, READ OPTIONS, make adjustments

# Load main config file...
if ($Config{'debug'} > 8) {
   print "\nDefault Config:\n";
   &PrintConfig();
}

&CleanVars();

# For each of the configuration sets (logwatch.conf here, and
# logfiles,and services later), we do the following:
# 1. read the different configuration files
# 2. for each parameter, if it is cumulative, check if
#    it is the special case empty string
# 3. check to see if duplicate

@ReadConfigNames = ();
@ReadConfigValues = ();

&ReadConfigFile ("$BaseDir/default.conf/logwatch.conf", "");
&ReadConfigFile ("$BaseDir/dist.conf/logwatch.conf", "");
&ReadConfigFile ("$ConfigDir/conf/logwatch.conf", "");
&ReadConfigFile ("$ConfigDir/conf/override.conf", "logwatch");

for (my $i = 0; $i <= $#ReadConfigNames; $i++) {
   if ($ReadConfigNames[$i] eq "logfile") {
      if ($ReadConfigValues[$i] eq "") {
         @LogFileList = ();
      } elsif (! grep(/^$ReadConfigValues[$i]$/, @LogFileList)) {
         push @LogFileList, $ReadConfigValues[$i];
      }
   } elsif ($ReadConfigNames[$i] eq "service") {
      if ($ReadConfigValues[$i] eq "") {
         @ServiceList = ();
      } elsif (! grep(/^$ReadConfigValues[$i]$/, @ServiceList)) {
         push @ServiceList, $ReadConfigValues[$i];
      }
   } else {
      $Config{$ReadConfigNames[$i]} = $ReadConfigValues[$i];
   }
}

&CleanVars();

if ($Config{'debug'} > 8) {
   print "\nConfig After Config File:\n";
   &PrintConfig();
}

# Options time...
my @TempLogFileList = ();
my @TempServiceList = ();
my $Help = 0;
my $ShowVersion = 0;
my ($tmp_mailto, $tmp_savefile);

&GetOptions ("d|detail=s" => \$Config{'detail'},
             "l|logfile=s@" => \@TempLogFileList,
             "logdir=s" => \$Config{'logdir'},
             "s|service=s@" => \@TempServiceList,
             "m|mailto=s" => \$tmp_mailto,
             "filename=s" => \$tmp_savefile,
             "a|archives" => \$Config{'archives'},
             "debug=s" => \$Config{'debug'},
             "r|range=s" => \$Config{'range'},
             "n|numeric" => \$Config{'numeric'},
             "h|help" => \$Help,
             "u|usage" => \$Help,
             "v|version" => \$ShowVersion,
             "hostname=s" => \$Config{'hostname'},
             "o|output=s" => \$Config{'output'},
             "f|format=s" => \$Config{'format'},
             "e|encode=s" => \$Config{'encode'},
             "hostformat=s" => \$Config{'hostformat'},
             "hostlimit=s" => \$Config{'hostlimit'},
             "html_wrap=s" => \$Config{'html_wrap'},
             "subject=s" => \$Config{'subject'}
           ) or &Usage();

$Help and &Usage();

#Catch option exceptions and extra logic here -mgt

if ($Config{'range'} =~ /help/i) {
   &RangeHelpDM();
   exit(0);
}

if ($ShowVersion) {
   print "Logwatch $Version (released $VDate)\n";
   exit 0;
}

if ($tmp_mailto) {
   $Config{'mailto'} = $tmp_mailto;
   $Config{'output'} = "mail"; #8.0
}

if ($tmp_savefile) {
   $Config{'filename'} = $tmp_savefile;
   $Config{'output'} = "file"; #8.0
}

if ($Config{'hostformat'} eq "splitmail") {
   $Config{'output'} = "mail"; #8.0
   #split hosts 1 long output stream
   #split hosts multiple output streams -mgt
}

&CleanVars();

#Init Output vars -mgt
my $index_par=0;
my @format = (250);
my %out_body;
my @reports = ();
my $out_head ='';
my $out_mime ='';
my $out_reference ='';
my $out_foot ='';

#Eval wrapper for MIME::Base64. Perl 5.6.1 does not include it.
#So Solaris 9 will break with out this. -mgt
#8.0 Catch encode types here
if ( $Config{'encode'} eq "base64" ) {
   eval "require MIME::Base64";
   if ($@) {
      print STDERR "No MIME::Base64 installed can not use --encode\n";
   } else {
      import MIME::Base64;
   }
}

#Reset save file now if we are going to use it and it exists -mgt
if (($Config{'filename'} ne "") && (-e "$Config{'filename'}") ) {
   unlink "$Config{'filename'}";
}

#Check fallback to stdout if output is mail and no mailto exists -mgt
if ( ($Config{'output'} eq "mail") && ($Config{'mailto'} eq "") ) {
   $Config{'output'} = "stdout";
}

if ($Config{'debug'} > 8) {
   print "\nCommand Line Parameters:\n Log File List:\n";
   &PrintStdArray(@TempLogFileList);
   print "\n Service List:\n";
   &PrintStdArray(@TempServiceList);
   print "\nConfig After Command Line Parsing:\n";
   &PrintConfig();
}

if ($#TempLogFileList > -1) {
   @LogFileList = @TempLogFileList;
   for (my $i = 0; $i <= $#LogFileList; $i++) {
      $LogFileList[$i] = lc($LogFileList[$i]);
   }
   @ServiceList = ();
}

if ($#TempServiceList > -1) {
   @ServiceList = @TempServiceList;
   for (my $i = 0; $i <= $#ServiceList; $i++) {
      $ServiceList[$i] = lc($ServiceList[$i]);
   }
}

if ( ($#ServiceList == -1) and ($#LogFileList == -1) ) {
   push @ServiceList, 'all';
}

if ($Config{'debug'} > 5) {
   print "\nConfig After Everything:\n";
   &PrintConfig();
}

#############################################################################
# Find out what services are defined...
my @TempAllServices = (); my @services = (); my (@CmdList, @CmdArgList, @Separators, $ThisFile, $count); foreach my $ServicesDir ("$BaseDir/default.conf", "$BaseDir/dist.conf", "$ConfigDir/conf") { if (-d "$ServicesDir/services") { opendir(SERVICESDIR, "$ServicesDir/services") or die "$ServicesDir $!"; while (defined($ThisFile = readdir(SERVICESDIR))) { if ((-f "$ServicesDir/services/$ThisFile") && (!grep (/^$ThisFile$/, @services)) && ($ThisFile =~ /\.conf$/)) { push @services, $ThisFile; } } closedir SERVICESDIR; } } foreach my $f (@services) { my $ThisService = lc $f; $ThisService =~ s/\.conf$//; push @TempAllServices, $ThisService; # @Separators tells us where each of the config files start, and # is used only for the commands (entries that start with '*') @ReadConfigNames = (); @ReadConfigValues = (); @Separators = (); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$BaseDir/default.conf/services/$f", ""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$BaseDir/dist.conf/services/$f", ""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$ConfigDir/conf/services/$f",""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$ConfigDir/conf/override.conf", "services/$ThisService"); @CmdList = (); @CmdArgList = (); # set the default for DisplayOrder (0.5), which should be a fraction of any precision between 0 and 1 $ServiceData{$ThisService}{'displayorder'} = 0.5; for (my $i = 0; $i <= $#ReadConfigNames; $i++) { if (grep(/^$i$/, @Separators)) { $count = 0; } if ($ReadConfigNames[$i] eq 'logfile') { if ($ReadConfigValues[$i] eq "") { @{$ServiceData{$ThisService}{'logfiles'}} = (); } elsif (! 
grep(/^$ReadConfigValues[$i]$/, @{$ServiceData{$ThisService}{'logfiles'}})) { push @{$ServiceData{$ThisService}{'logfiles'}}, $ReadConfigValues[$i]; } } elsif ($ReadConfigNames[$i] =~ /^\*/) { if ($count == 0) { @CmdList = (); @CmdArgList = (); } $count++; push (@CmdList, $ReadConfigNames[$i]); push (@CmdArgList, $ReadConfigValues[$i]); } else { $ServiceData{$ThisService}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; } } for my $i (0..$#CmdList) { $ServiceData{$ThisService}{+sprintf("%03d-%s", $i, $CmdList[$i])} = $CmdArgList[$i]; } } my @AllServices = sort @TempAllServices; # Find out what logfiles are defined... my @logfiles = (); foreach my $LogfilesDir ("$BaseDir/default.conf", "$BaseDir/dist.conf", "$ConfigDir/conf") { if (-d "$LogfilesDir/logfiles") { opendir(LOGFILEDIR, "$LogfilesDir/logfiles") or die "$LogfilesDir $!"; while (defined($ThisFile = readdir(LOGFILEDIR))) { if ((-f "$LogfilesDir/logfiles/$ThisFile") && (!grep (/^$ThisFile$/, @logfiles))) { push @logfiles, $ThisFile; } } closedir LOGFILEDIR; } } for $ThisFile (@logfiles) { my $ThisLogFile = $ThisFile; if ($ThisLogFile =~ s/\.conf$//i) { push @AllLogFiles, $ThisLogFile; @ReadConfigNames = (); @ReadConfigValues = (); @Separators = (); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$BaseDir/default.conf/logfiles/$ThisFile", ""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$BaseDir/dist.conf/logfiles/$ThisFile", ""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$ConfigDir/conf/logfiles/$ThisFile", ""); push (@Separators, scalar(@ReadConfigNames)); &ReadConfigFile("$ConfigDir/conf/override.conf", "logfiles/$ThisLogFile"); @CmdList = (); @CmdArgList = (); @{$LogFileData{$ThisLogFile}{'logfiles'}} = (); @{$LogFileData{$ThisLogFile}{'archives'}} = (); for (my $i = 0; $i <= $#ReadConfigNames; $i++) { if (grep(/^$i$/, @Separators)) { $count = 0; } my @TempLogFileList; if ($ReadConfigNames[$i] eq "logfile") { #Lets try and find the logs -mgt if 
($ReadConfigValues[$i] eq "") { @{$LogFileData{$ThisLogFile}{'logfiles'}} = (); } else { if ($ReadConfigValues[$i] !~ m=^/=) { foreach my $dir ("$Config{'logdir'}/", "/var/adm/", "/var/log/", "") { # We glob to obtain filenames. We reverse in case # we use the decimal suffix (.0, .1, etc.) in filenames #@TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i])); @TempLogFileList = sort{ ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) }(glob($dir . $ReadConfigValues[$i])); # And we check for existence once again, since glob # may return the search pattern if no files found. last if (@TempLogFileList && (-e $TempLogFileList[0])); } } else { #@TempLogFileList = reverse(glob($ReadConfigValues[$i])); @TempLogFileList = sort{ ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) }(glob($ReadConfigValues[$i])); } # We attempt to remove duplicates. # Same applies to archives, in the next block. foreach my $TempLogFileName (@TempLogFileList) { if (grep(/^\Q$TempLogFileName\E$/, @{$LogFileData{$ThisLogFile}{'logfiles'}})) { if ($Config{'debug'} > 2) { print "Removing duplicate LogFile file $TempLogFileName from $ThisFile configuration.\n"; } } else { if (-e $TempLogFileName) { push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $TempLogFileName; } } } } } elsif (($ReadConfigNames[$i] eq "archive") && ( $Config{'archives'} == 1)) { if ($ReadConfigValues[$i] eq "") { @{$LogFileData{$ThisLogFile}{'archives'}} = (); } else { if ($ReadConfigValues[$i] !~ m=^/=) { foreach my $dir ("$Config{'logdir'}/", "/var/adm/", "/var/log/", "") { # We glob to obtain filenames. We reverse in case # we use the decimal suffix (.0, .1, etc.) in filenames #@TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i])); @TempLogFileList = sort{ ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) }(glob($dir . $ReadConfigValues[$i])); # And we check for existence once again, since glob # may return the search pattern if no files found. 
last if (@TempLogFileList && (-e $TempLogFileList[0])); } } else { #@TempLogFileList = reverse(glob($ReadConfigValues[$i])); @TempLogFileList = sort{ ($b =~ /(\d+)$/) <=> ($a =~ /(\d+)$/) || uc($a) cmp uc($b) }(glob($ReadConfigValues[$i])); } # We attempt to remove duplicates. This time we also check # against the LogFile declarations. foreach my $TempLogFileName (@TempLogFileList) { if (grep(/^\Q$TempLogFileName\E$/, @{$LogFileData{$ThisLogFile}{'archives'}}) || grep(/^\Q$TempLogFileName\E$/, @{$LogFileData{$ThisLogFile}{'logfiles'}}) ) { if ($Config{'debug'} > 2) { print "Removing duplicate Archive file $TempLogFileName from $ThisFile configuration.\n"; } } else { if (-e $TempLogFileName) { push @{$LogFileData{$ThisLogFile}{'archives'}}, $TempLogFileName; } } } } } elsif ($ReadConfigNames[$i] =~ /^\*/) { if ($count == 0) { @CmdList = (); @CmdArgList = (); } $count++; push (@CmdList, $ReadConfigNames[$i]); push (@CmdArgList, $ReadConfigValues[$i]); } else { $LogFileData{$ThisLogFile}{$ReadConfigNames[$i]} = $ReadConfigValues[$i]; } for my $i (0..$#CmdList) { $LogFileData{$ThisLogFile}{+sprintf("%03d-%s", $i, $CmdList[$i])} = $CmdArgList[$i]; } } } } # Find out what shared functions are defined... opendir(SHAREDDIR, "$BaseDir/scripts/shared") or die "$BaseDir/scripts/shared/, $!\n"; while (defined($ThisFile = readdir(SHAREDDIR))) { unless (-d "$BaseDir/scripts/shared/$ThisFile") { push @AllShared, lc($ThisFile); } } closedir(SHAREDDIR); if ($Config{'debug'} > 5) { print "\nAll Services:\n"; &PrintStdArray(@AllServices); print "\nAll Log Files:\n"; &PrintStdArray(@AllLogFiles); print "\nAll Shared:\n"; &PrintStdArray(@AllShared); } ############################################################################# # Time to expand @ServiceList, using @LogFileList if defined... if ((scalar @ServiceList > 0) && (grep /^all$/i, @ServiceList)) { # This means we are doing *all* services ... 
but excluding some my %tmphash; foreach my $item (@AllServices) { $tmphash{lc $item} = ""; } foreach my $service (@ServiceList) { next if $service =~ /^all$/i; if ($service =~ /^\-(.+)$/) { my $offservice = lc $1; if (! grep (/^$offservice$/, @AllServices)) { die "Nonexistent service to disable: $offservice\n"; } if (exists $tmphash{$offservice}) { delete $tmphash{$offservice}; } } else { die "Wrong configuration entry for \"Service\", if \"All\" selected, only \"-\" items are allowed\n"; } } @ServiceList = (); foreach my $keys (keys %tmphash) { push @ServiceList, $keys; } @LogFileList = (); } else { my $ThisOne; while (defined($ThisOne = pop @LogFileList)) { unless ($LogFileData{$ThisOne}) { die "Logwatch is not configured to use logfile: $ThisOne\n"; } foreach my $ThisService (keys %ServiceData) { for (my $i = 0; $i <= $#{$ServiceData{$ThisService}{'logfiles'}}; $i++) { if ( $ServiceData{$ThisService}{'logfiles'}[$i] eq $ThisOne ) { push @ServiceList,$ThisService; } } } } @TempServiceList = sort @ServiceList; @ServiceList = (); my $LastOne = ""; while (defined($ThisOne = pop @TempServiceList)) { unless ( ($ThisOne eq $LastOne) or ($ThisOne eq 'all') or ($ThisOne =~ /^-/)) { unless ($ServiceData{$ThisOne}) { die "Logwatch does not know how to process service: $ThisOne\n"; } push @ServiceList, $ThisOne; } $LastOne = $ThisOne; } } # Now lets fill up @LogFileList again... 
foreach my $ServiceName (@ServiceList) { foreach my $LogName ( @{$ServiceData{$ServiceName}{'logfiles'} } ) { unless ( grep m/^$LogName$/, @LogFileList ) { push @LogFileList, $LogName; } } } if ($Config{'debug'} > 7) { print "\n\nAll Service Data:\n"; &PrintServiceData(); print "\nServices that will be processed:\n"; &PrintStdArray(@ServiceList); print "\n\n"; print "\n\nAll LogFile Data:\n"; &PrintLogFileData(); print "\nLogFiles that will be processed:\n"; &PrintStdArray(@LogFileList); print "\n\n"; } ############################################################################# # check for existence of previous logwatch directories opendir(TMPDIR, $Config{'tmpdir'}) or die "$Config{'tmpdir'} $!"; my @old_dirs = grep { /^logwatch\.\w{8}$/ && -d "$Config{'tmpdir'}/$_" } readdir(TMPDIR); if (@old_dirs) { print "You have old files in your logwatch tmpdir ($Config{'tmpdir'}):\n\t"; print join("\n\t", @old_dirs); print "\nThe directories listed above were most likely created by a\n"; print "logwatch run that failed to complete successfully. If so, you\n"; print "may delete these directories.\n\n"; } closedir(TMPDIR); if (!-w $Config{'tmpdir'}) { my $err_str = "You do not have permission to create a temporary directory"; $err_str .= " under $Config{'tmpdir'}."; if ($> !=0) { $err_str .= " You are not running as superuser."; } $err_str .= "\n"; die $err_str; } #Set very strict permissions because we deal with security logs umask 0177; #Making temp dir with File::Temp -mgt my $cleanup = 0; if ($Config{'debug'} < 100) { $cleanup = 1; } my $TempDir = tempdir( 'logwatch.XXXXXXXX', DIR => $Config{tmpdir}, CLEANUP => $cleanup ); if ($Config{'debug'}>7) { print "\nMade Temp Dir: " . $TempDir . " with tempdir\n"; } unless ($TempDir =~ m=/$=) { $TempDir .= "/"; } ############################################################################# # Set up the environment... 
$ENV{'LOGWATCH_DATE_RANGE'} = $Config{'range'}; $ENV{'LOGWATCH_GLOBAL_DETAIL'} = $Config{'detail'}; $ENV{'LOGWATCH_OUTPUT_TYPE'} = $Config{'output'}; #8.0 $ENV{'LOGWATCH_FORMAT_TYPE'} = $Config{'format'}; #8.0 $ENV{'LOGWATCH_DEBUG'} = $Config{'debug'}; $ENV{'LOGWATCH_TEMP_DIR'} = $TempDir; $ENV{'LOGWATCH_NUMERIC'} = $Config{'numeric'}; $ENV{'HOSTNAME'} = $Config{'hostname'}; $ENV{'OSname'} = $OSname; #split and splitmail also play with LOGWATCH_ONLY_HOSTNAME which is not shown by debug if ($Config{'hostlimit'}) { #Pass the list to ENV with out touching it $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Config{'hostlimit'}; } if ($Config{'debug'}>4) { foreach ('LOGWATCH_DATE_RANGE', 'LOGWATCH_GLOBAL_DETAIL', 'LOGWATCH_OUTPUT_TYPE', 'LOGWATCH_FORMAT_TYPE', 'LOGWATCH_TEMP_DIR', 'LOGWATCH_DEBUG', 'LOGWATCH_ONLY_HOSTNAME') { if ($ENV{$_}) { print "export $_='$ENV{$_}'\n"; } } } my $LibDir = "$BaseDir/lib"; if ($ENV{PERL5LIB}) { # User dirs should be able to override this setting $ENV{PERL5LIB} = "$ENV{PERL5LIB}:$LibDir"; } else { $ENV{PERL5LIB} = $LibDir; } ############################################################################# unless ($Config{'logdir'} =~ m=/$=) { $Config{'logdir'} .= "/"; } # Okay, now it is time to do pre-processing on all the logfiles... my @EnvList = (); my $LogFile; foreach $LogFile (@LogFileList) { next if ($LogFile eq 'none'); if (!defined($LogFileData{$LogFile}{'logfiles'})) { print "*** Error: There is no logfile defined. Do you have a $ConfigDir/conf/logfiles/" . $LogFile . ".conf file ?\n"; next; } @FileList = $TempDir . $LogFile . "-archive"; push @FileList, @{$LogFileData{$LogFile}{'logfiles'}}; my $DestFile = $TempDir . $LogFile . "-archive"; my $Archive; foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { if ($Archive =~ /'/) { print "File $Archive has invalid embedded quotes. 
File ignored.\n"; next; } my $CheckTime; # We need to find out what's the earliest log we need my @time_t = TimeBuild(); if ($Config{'range'} eq 'all') { if ($Config{'archives'} == 0) { # range is 'all', but we don't get archive files $CheckTime = time; } else { # range is 'all', and we get all archive files $CheckTime = 0; } } elsif ($time_t[0]) { # range is something else, and we need to get one # day ahead. A day has 86400 seconds. (We double # that to deal with different timezones.) $CheckTime = $time_t[0] - 86400*2; } else { # range is wrong print STDERR "ERROR: Range \'$Config{'range'}\' not understood\n"; RangeHelpDM(); exit 1; } #Archives are cat'd without any filters then cat'd along with the normal log file my @FileStat = stat($Archive); if ($CheckTime <= ($FileStat[9])) { if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) { my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtozcat'} $arguments") == 0 or die "system '$Config{'pathtozcat'} $arguments' failed: $?" } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) { my $arguments = "'${Archive}' 2>/dev/null >> $DestFile"; system("$Config{'pathtobzcat'} $arguments") == 0 or die "system '$Config{'pathtobzcat'} $arguments' failed: $?" } elsif ((-f "$Archive") && (-s "$Archive")) { my $arguments = "'${Archive}' >> $DestFile"; system("$Config{'pathtocat'} $arguments") == 0 or die "system '$Config{'pathtocat'} $arguments' failed: $?" } #End if/elsif existence } #End if $CheckTime } #End Archive my $FileText = ""; foreach my $ThisFile (@FileList) { #Existence check for files -mgt next unless (-f $ThisFile); if ($ThisFile =~ /'/) { print "File $ThisFile has invalid embedded quotes. File ignored.\n"; next; } if (! -r $ThisFile) { print "File $ThisFile is not readable. 
Check permissions."; if ($> != 0) { print " You are not running as superuser."; } print "\n"; next; } #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt $FileText .= ("'" . $ThisFile . "' "); } #End foreach ThisFile # remove the ENV entries set by previous service foreach my $Parm (@EnvList) { delete $ENV{$Parm}; } @EnvList = (); my $FilterText = " "; foreach (sort keys %{$LogFileData{$LogFile}}) { my $cmd = $_; if ($cmd =~ s/^\d+-\*//) { if (-f "$ConfigDir/scripts/shared/$cmd") { $FilterText .= ("| $PerlVersion $ConfigDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" ); } elsif (-f "$BaseDir/scripts/shared/$cmd") { $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" ); } else { die "Cannot find shared script $cmd\n"; } } elsif ($cmd =~ s/^\$//) { push @EnvList, $cmd; $ENV{$cmd} = $LogFileData{$LogFile}{$_}; if ($Config{'debug'}>4) { print "export $cmd='$LogFileData{$LogFile}{$_}'\n"; } } } #Hostlimit filter need to add ability to negate this use "NoHostFilter = Yes" in logfile like samba -mgt if ( ($Config{'hostlimit'}) && (!$LogFileData{$LogFile}{'nohostfilter'}) ) { #Pass the list to ENV with out touching it $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Config{'hostlimit'}; $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/onlyhost"); } if (opendir (LOGDIR, "$ConfigDir/scripts/logfiles/" . $LogFile)) { foreach (sort readdir(LOGDIR)) { unless ( -d "$ConfigDir/scripts/logfiles/$LogFile/$_") { $FilterText .= ("| $PerlVersion $ConfigDir/scripts/logfiles/$LogFile/$_"); } } closedir (LOGDIR); } if (opendir (LOGDIR, "$BaseDir/scripts/logfiles/" . 
      $LogFile)) {
      foreach (sort readdir(LOGDIR)) {
         unless (( -d "$BaseDir/scripts/logfiles/$LogFile/$_") or
                 # if in ConfigDir, then the ConfigDir version is used
                 ( -f "$ConfigDir/scripts/logfiles/$LogFile/$_")) {
            $FilterText .= ("| $PerlVersion $BaseDir/scripts/logfiles/$LogFile/$_");
         }
      }
      closedir (LOGDIR);
   }

   #Instead of trying to cat non-existent logs we test for it above -mgt
   if ($FileText) {
      my $Command = $FileText . $FilterText . ">" . $TempDir . $LogFile;
      if ($Config{'debug'}>4) {
         print "\nPreprocessing LogFile: " . $LogFile . "\n" . $Command . "\n";
      }
      # $LogFile ends up in a shell command line, so only plain names are accepted
      if ($LogFile !~ /^[-_\w\d]+$/) {
         print STDERR "Unexpected filename: [[$LogFile]]. Not used\n"
      } else {
         #System call does the log processing
         system("$Config{'pathtocat'} $Command") == 0
            or die "system '$Config{'pathtocat'} $Command' failed: $?"
      }
   }
}

#populate the host lists if we're splitting hosts
#It seems this is run after the file is parsed so it is done 2 times?
#Can it be put inline with the above filters?
my @hosts;
if ($Config{'hostformat'} ne "none") { #8.0
   my $newlogfile;
   my @logarray;
   opendir (LOGDIR,$TempDir) || die "Cannot open dir";
   @logarray = readdir(LOGDIR);
   closedir (LOGDIR);
   my $ecpcmd = ("| $PerlVersion $BaseDir/scripts/shared/hostlist");
   #Note hostlist and hosthash [which is never used] exist to build list of host names seen
   foreach $newlogfile (@logarray) {
      my $eeefile = ("$TempDir" . "$newlogfile");
      if ((!(-d $eeefile)) && (!($eeefile =~ m/-archive/))) {
         system("$Config{'pathtocat'} $eeefile $ecpcmd") == 0
            or die "system '$Config{'pathtocat'} $eeefile $ecpcmd' failed: $?"
      }
   }
   #read in the final host list
   open (HOSTFILE,"$TempDir/hostfile") || die $!;
   @hosts = <HOSTFILE>;
   close (HOSTFILE);
   chomp @hosts;
   #fixme check the sort?
#@hosts = sort(@hosts); } ############################################################################# my $report_finish = "\n ###################### Logwatch End ######################### \n\n"; my $printing = ''; my $emailopen = ''; #################################################################### #Call Parse logs if ($Config{'hostformat'} ne "none") { my $Host; foreach $Host (@hosts) { $printing = ''; $ENV{'LOGWATCH_ONLY_HOSTNAME'} = $Host; $Config{'hostname'} = $Host; #resetting hostname here makes it appear in output header -mgt parselogs(); } # ECP } else { parselogs(); } #Close Filehandle is needed -mgt close(OUTFILE) unless ($Config{'output'} eq "stdout"); ############################################################################# exit(0); ############################################################################# #END MAIN ############################################################################# ###################################################################### #sub getInt #Notes: Called by CleanVars ###################################################################### sub getInt { my $word = shift; unless (defined($word)) { return $word; } my $tmpWord = lc $word; $tmpWord =~ s/\W//g; return $wordsToInts{$tmpWord} if (defined $wordsToInts{$tmpWord}); unless ($word =~ s/^"(.*)"$/$1/) { return lc $word; } return $word; } ###################################################################### #sub CleanVars #Notes: Called during #Load CONFIG, READ OPTIONS, make adjustments ###################################################################### sub CleanVars { foreach (keys %Config) { unless (defined $Config{$_} and $_ eq "hostname") { $Config{$_} = getInt($Config{$_}); } } } ###################################################################### #sub PrintStdArray # ###################################################################### sub PrintStdArray (@) { my @ThisArray = @_; my $i; for ($i=0;$i<=$#ThisArray;$i++) { print "[" . $i . "] = " . 
         $ThisArray[$i] . "\n";
   }
}

######################################################################
#sub PrintConfig
#
######################################################################
sub PrintConfig () {
   # for debugging, print out config...
   foreach (keys %Config) {
      print $_ . ' -> ' . $Config{$_} . "\n";
   }
   print "Service List:\n";
   &PrintStdArray(@ServiceList);
   print "\n";
   print "LogFile List:\n";
   &PrintStdArray(@LogFileList);
   print "\n\n";
}

######################################################################
#sub PrintServiceData
#
######################################################################
# for debugging...
sub PrintServiceData () {
   my ($ThisKey1,$ThisKey2,$i);
   foreach $ThisKey1 (keys %ServiceData) {
      print "\nService Name: " . $ThisKey1 . "\n";
      foreach $ThisKey2 (keys %{$ServiceData{$ThisKey1}}) {
         next unless ($ThisKey2 =~ /^\d+-/);
         print " $ThisKey2 = $ServiceData{$ThisKey1}{$ThisKey2}\n";
      }
      for ($i=0;$i<=$#{$ServiceData{$ThisKey1}{'logfiles'}};$i++) {
         print " Logfile = " . $ServiceData{$ThisKey1}{'logfiles'}[$i] . "\n";
      }
   }
}

######################################################################
#sub PrintLogFileData
#
######################################################################
# for debugging...
sub PrintLogFileData () {
   my ($ThisKey1,$ThisKey2,$i);
   foreach $ThisKey1 (keys %LogFileData) {
      print "\nLogfile Name: " . $ThisKey1 . "\n";
      foreach $ThisKey2 (keys %{$LogFileData{$ThisKey1}}) {
         next unless ($ThisKey2 =~ /^\d+-/);
         print " $ThisKey2 = $LogFileData{$ThisKey1}{$ThisKey2}\n";
      }
      for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'logfiles'}};$i++) {
         print " Logfile = " . $LogFileData{$ThisKey1}{'logfiles'}[$i] . "\n";
      }
      for ($i=0;$i<=$#{$LogFileData{$ThisKey1}{'archives'}};$i++) {
         print " Archive = " . $LogFileData{$ThisKey1}{'archives'}[$i] . "\n";
      }
      if ($LogFileData{$ThisKey1}{'nohostfilter'}) {
         print " NoHostFilter = " . $LogFileData{$ThisKey1}{'nohostfilter'} . "\n";
      }
   }
}

######################################################################
#sub ReadConfigFile
#
######################################################################
sub ReadConfigFile {
   my $FileName = $_[0];
   my $Prefix = $_[1];

   if ( ! -f $FileName ) {
      return(0);
   }

   if ($Config{'debug'} > 5) {
      print "ReadConfigFile: Opening " . $FileName . "\n";
   }
   open (READCONFFILE, $FileName) or die "Cannot open file $FileName: $!\n";
   my $line;
   while ($line = <READCONFFILE>) {
      if ($Config{'debug'} > 9) {
         print "ReadConfigFile: Read Line: " . $line;
      }
      # strip comments, keeping a trailing backslash (line continuation)
      $line =~ s/\#.*\\\s*$/\\/;
      $line =~ s/\#.*$//;
      next if ($line =~ /^\s*$/);

      # with a prefix (override.conf), keep only the lines tagged for it
      if ($Prefix) {
         next if ($line !~ m/\Q$Prefix:\E/);
         $line =~ s/\Q$Prefix:\E//;
      }

      # a trailing backslash joins the next line to this entry
      if ($line =~ s/\\\s*$//) {
         $line .= <READCONFFILE>;
         redo unless eof(READCONFFILE);
      }

      my ($name, $value) = split /=/, $line, 2;
      $name =~ s/^\s+//;
      $name =~ s/\s+$//;
      if ($value) {
         $value =~ s/^\s+//;
         $value =~ s/\s+$//;
      } else {
         $value = '';
      }

      push @ReadConfigNames, lc $name;
      push @ReadConfigValues, getInt $value;
      if ($Config{'debug'} > 7) {
         print "ReadConfigFile: Name=" . $name . ", Value=" . $value . "\n";
      }
   }
   close READCONFFILE;
}

#########################################################################
#sub Usage
#
#########################################################################
sub Usage () {
   # Show usage for this program
   print "\nUsage: $0 [--detail ] [--logfile ] [--output ]\n" .
      " [--format ] [--encode ] [--numeric]\n" .
      " [--mailto ] [--archives] [--range ] [--debug ]\n" .
      " [--filename ] [--help|--usage] [--version] [--service ]\n" .
" [--hostformat ] [--hostlimit ] [--html_wrap ]\n\n"; print "--detail : Report Detail Level - High, Med, Low or any #.\n"; print "--logfile : *Name of a logfile definition to report on.\n"; print "--logdir : Name of default directory where logs are stored.\n"; print "--service : *Name of a service definition to report on.\n"; print "--output : Report Output - stdout [default], mail, file.\n"; #8.0 print "--format : Report Format - text [default], html.\n"; #8.0 print "--encode : Enconding to use - none [default], base64.\n"; #8.0 print "--mailto : Mail report to .\n"; print "--archives: Use archived log files too.\n"; print "--filename : Used to specify they filename to save to. --filename [Forces output to file].\n"; print "--range : Date range: Yesterday, Today, All, Help\n"; print " where help will describe additional options\n"; print "--numeric: Display addresses numerically rather than symbolically and numerically\n"; print " (saves a nameserver address-to-name lookup).\n"; print "--debug : Debug Level - High, Med, Low or any #.\n"; print "--hostformat: Host Based Report Options - none [default], split, splitmail.\n"; #8.0 print "--hostlimit: Limit report to hostname - host1,host2.\n"; #8.0 print "--hostname: overwrites hostname\n"; print "--html_wrap : Default is 80.\n"; print "--version: Displays current version.\n"; print "--help: This message.\n"; print "--usage: Same as --help.\n"; print "* = Switch can be specified multiple times...\n\n"; exit (99); } ############################################################################ #END sub Usage ############################################################################# ############################################################################# #sub initprint # ############################################################################# sub initprint { return if $printing; my $OStitle; $OStitle = $OSname; $OStitle = "Solaris" if ($OSname eq "SunOS" && $release >= 2); if ($Config{'output'} eq "stdout") 
{ #8.0 start with others? *OUTFILE = *STDOUT; } elsif ($Config{'output'} eq "file") { open(OUTFILE,">>" . $Config{'filename'}) or die "Can't open output file: $Config{'filename'} $!\n"; } else { #fixme mailto if (($Config{'hostformat'} eq "splitmail") || ($emailopen eq "")) { #Use mailer = in logwatch.conf to set options. Default should be "sendmail -t" #In theory this should be able to handle many different mailers. I might need to add #some filter code on $Config{'mailer'} to make it more robust. -mgt open(OUTFILE,"|$Config{'mailer'}") or die "Can't execute $Config{'mailer'}: $!\n"; my $mailto = $Config{"mailto_$Config{'hostname'}"}; $mailto = $Config{'mailto'} unless $mailto; for my $to (split(/ /, $mailto)) { print OUTFILE "To: $to\n"; } print OUTFILE "From: $Config{'mailfrom'}\n"; #If $Config{'subject'} exists lets use it. #This does not allow for variable expansion as the default below does -mgt if ($Config{'subject'}) { print OUTFILE "Subject: $Config{'subject'}\n"; } else { print OUTFILE "Subject: Logwatch for $Config{'hostname'} (${OStitle})\n"; } #Add headers to recognize automatically generated email print OUTFILE "Auto-Submitted: auto-generated\n"; print OUTFILE "Precedence: bulk\n"; #Add MIME $out_mime = "MIME-Version: 1.0\n"; #Config{encode} switch if ( $Config{'encode'} eq "base64" ) { $out_mime .= "Content-transfer-encoding: base64\n"; } else { $out_mime .= "Content-Transfer-Encoding: 7bit\n"; } #Config{output} html if ( $Config{'format'} eq "html" ) { $out_mime .= "Content-Type: text/html; charset=\"iso-8859-1\"\n\n"; } else { $out_mime .= "Content-Type: text/plain; charset=\"iso-8859-1\"\n\n"; } if ($Config{'hostformat'} eq "split") { #8.0 check hostlimit also? or ne none? 
            print OUTFILE "Reporting on hosts: @hosts\n";
         }
         $emailopen = 'y';
      } #End if hostformat || emailopen
   } #End if printing/save/else
   $printing = 'y';

   # simple parse of the dates
   my $simple_timematch = &TimeFilter(" %Y-%b-%d %Hh %Mm %Ss ");
   my @simple_range = split(/\|/, $simple_timematch);
   if ($#simple_range > 1) {
      # delete all array entries, except first and last
      splice(@simple_range, 1, $#simple_range-1);
   }
   for (my $range_index=0; $range_index<$#simple_range+1; $range_index++) {
      $simple_range[$range_index] =~ s/\.\.[hms]//g;
      $simple_range[$range_index] =~ s/\.//g;
      $simple_range[$range_index] =~ tr/--//s;
      $simple_range[$range_index] =~ s/ -|- //;
      $simple_range[$range_index] =~ tr/ //s;
   }
   my $print_range = join("/",@simple_range);

   $index_par++;
   if ( $Config{'format'} eq "html" ) {
      &output( $index_par, "LOGWATCH Summary" . (($Config{'hostformat'} ne "none") ? ": $Config{'hostname'}" : ""), "start");
      &output( $index_par, " Logwatch Version: $Version ($VDate)\n", "line");
   } else {
      &output( $index_par, "\n ################### Logwatch $Version ($VDate) #################### \n", "line");
   }

   &output( $index_par, " Processing Initiated: " . localtime(time) . "\n", "line");
   &output( $index_par, " Date Range Processed: $Config{'range'}\n", "line");
   &output( $index_par, " $print_range\n", "line") if ($Config{'range'} ne 'all');
   &output( $index_par, " Period is " . &GetPeriod() . ".\n", "line") if ($Config{'range'} ne 'all');
   &output( $index_par, " Detail Level of Output: $Config{'detail'}\n", "line");
   &output( $index_par, " Type of Output/Format: $Config{'output'} / $Config{'format'}\n", "line");
   &output( $index_par, " Logfiles for Host: $Config{'hostname'}\n", "line");

   if ( $Config{'hostlimit'} ) {
      &output( $index_par, " Hosts limited to: $Config{'hostlimit'}\n", "line");
   }

   if ( $Config{'format'} eq "html" ) {
      &output( $index_par, "\n", "stop");
   } else {
      &output( $index_par, "################################################################## \n", "line");
   }
}
####################################################################
#END sub initprint
####################################################################

###################################################################
#sub parselogs
#
###################################################################
sub parselogs {
   my $Service;

   #Load our ignore file order is [assume normal install] /etc/conf, /usr/share/logwatch/dist.conf and then default.conf -mgt
   my @IGNORE;
   if ( -e "$ConfigDir/conf/ignore.conf") {
      open( IGNORE, "$ConfigDir/conf/ignore.conf" ) or return undef;
      @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
      close IGNORE;
   } elsif ( -e "$BaseDir/dist.conf/ignore.conf") {
      open( IGNORE, "$BaseDir/dist.conf/ignore.conf" ) or return undef;
      @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
      close IGNORE;
   } elsif ( -e "$BaseDir/default.conf/ignore.conf") {
      open( IGNORE, "$BaseDir/default.conf/ignore.conf" ) or return undef;
      @IGNORE = grep {!/(^#|^\s+$)/} <IGNORE>;
      close IGNORE;
   }

   my @EnvList = ();

   # first sort alphabetically, and then based on DisplayOrder
   foreach $Service ( sort {$ServiceData{$a}{'displayorder'} <=> $ServiceData{$b}{'displayorder'} } (sort @ServiceList)) {
      my $Ignored = 0;
      $ENV{'PRINTING'} = $printing;
      if (defined $ServiceData{$Service}{'detail'}) {
         $ENV{'LOGWATCH_DETAIL_LEVEL'} = $ServiceData{$Service}{'detail'};
      } else {
         $ENV{'LOGWATCH_DETAIL_LEVEL'} = $ENV{'LOGWATCH_GLOBAL_DETAIL'};
      }
      @FileList =
@{$ServiceData{$Service}{'logfiles'}}; my $FileText = ""; foreach $ThisFile (@FileList) { if (-s $TempDir . $ThisFile) { $FileText .= ( $TempDir . $ThisFile . " "); } } # remove the ENV entries set by previous service foreach my $Parm (@EnvList) { delete $ENV{$Parm}; } @EnvList = (); my $FilterText = " "; foreach (sort keys %{$ServiceData{$Service}}) { my $cmd = $_; if ($cmd =~ s/^\d+-\*//) { if (-f "$ConfigDir/scripts/shared/$cmd") { $FilterText .= ("$PerlVersion $ConfigDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); } elsif (-f "$BaseDir/scripts/shared/$cmd") { $FilterText .= ("$PerlVersion $BaseDir/scripts/shared/$cmd '$ServiceData{$Service}{$_}' |" ); } else { die "Cannot find shared script $cmd\n"; } } elsif ($cmd =~ s/^\$//) { $ENV{$cmd} = $ServiceData{$Service}{$_}; push @EnvList, $cmd; if ($Config{'debug'}>4) { print "export $cmd='$ServiceData{$Service}{$_}'\n"; } } } # ECP - insert the host stripping now my $HostStrip = " "; if ($Config{'hostformat'} ne "none") { #8.0 ############################################### # onlyhost reads $ENV{'LOGWATCH_ONLY_HOSTNAME'} and uses it to try and match # based on $line =~ m/^... .. ..:..:.. $hostname\b/io ############################################### $HostStrip = "$PerlVersion $BaseDir/scripts/shared/onlyhost"; } my $ServiceExec = "$BaseDir/scripts/services/$Service"; if (-f "$ConfigDir/scripts/services/$Service") { $ServiceExec = "$ConfigDir/scripts/services/$Service"; } else { $ServiceExec = "$BaseDir/scripts/services/$Service"; } if (-f $ServiceExec ) { #If shell= was set in service.conf we will use it if ($ServiceData{$Service}{shell}) { my $shelltest = $ServiceData{$Service}{shell}; $shelltest =~ s/([\w\/]+).*/$1/; if (-e "$shelltest") { $FilterText .= "$ServiceData{$Service}{shell} $ServiceExec"; } else { die "Can't use $ServiceData{$Service}{shell} for $ServiceExec"; } } else { $FilterText .= "$PerlVersion $ServiceExec"; } #End if shell } else { die "Can't open: " . 
            $ServiceExec;
      }

      my $Command = '';
      if (! @FileList) {
         output(1, "\n Warning: LogFile of service $ServiceData{$Service}{title} is not defined.\n", "line");
      } else {
         if ($FileList[0] eq 'none') {
            $Command = " $FilterText 2>&1 ";
         } elsif ($FileText) {
            if ($HostStrip ne " ") {
               $Command = " ( $Config{'pathtocat'} $FileText | $HostStrip | $FilterText) 2>&1 ";
            } else {
               $Command = " ( $Config{'pathtocat'} $FileText | $FilterText) 2>&1 ";
            }
         }
      }

      if ($Command) {
         if ($Config{'debug'}>4) {
            print "\nProcessing Service: " . $Service . "\n" . $Command . "\n";
         }
         open (TESTFILE,$Command . " |");
         my $ThisLine;
         my $has_output = 0;
         LINE: while (defined ($ThisLine = <TESTFILE>)) {
            next LINE if ((not $printing) and $ThisLine =~ /^\s*$/);
            # Drop any output line that matches a pattern from ignore.conf
            IGNORE: for my $ignore_filter (@IGNORE) {
               chomp $ignore_filter;
               if ($ThisLine =~ m/$ignore_filter/) {
                  $Ignored++;
                  next LINE;
               }
            }

            &initprint();
            if (($has_output == 0) and ($ServiceData{$Service}{'title'})) {
               $index_par++;
               &output($index_par, $ServiceData{$Service}{'title'}, "start" );
               my $BeginVar;
               if ($ENV{'LOGWATCH_GLOBAL_DETAIL'} == $ENV{'LOGWATCH_DETAIL_LEVEL'}) {
                  $BeginVar = "Begin";
               } else {
                  $BeginVar = "Begin (detail=" . $ENV{'LOGWATCH_DETAIL_LEVEL'} . ")";
               }
               if ( $Config{'format'} eq "html" ) {
                  #BODY
                  #&output( $index_par, "\n$ServiceData{$Service}{'title'}\n", "header");
               } else {
                  &output( $index_par, "\n --------------------- $ServiceData{$Service}{'title'} $BeginVar ------------------------ \n\n", "line");
               }
               $has_output = 1;
            }
            &output( $index_par, $ThisLine, "line");
         }
         close (TESTFILE);

         if ($has_output and $ServiceData{$Service}{'title'}) {
            if ( $Config{'format'} eq "html" ) {
               if ( ($Ignored > 0) && ($Config{'supress_ignores'} == 0) ) {
                  &output( $index_par, "\n $Ignored Ignored Lines\n", "header");
               };
               #&output( $index_par, "\n$ServiceData{$Service}{'title'} End\n", "header");
            } else {
               if ( ($Ignored > 0) && ($Config{'supress_ignores'} == 0) ) {
                  &output( $index_par, "\n $Ignored Ignored Lines\n", "line");
               };
               &output( $index_par, "\n ---------------------- $ServiceData{$Service}{'title'} End ------------------------- \n\n", "line");
            }
            &output( $index_par, "\n", "stop");
         }
      }
   }

   #HTML should be external to logwatch.pl -mgt
   #These are steps only needed for HTML output
   if ( $Config{'format'} eq "html" ) {
      #HEADER
      #Setup temp Variables to swap
      my %HTML_var;
      $HTML_var{Version} = "$Version";
      $HTML_var{VDate} = "$VDate";

      #open template this needs to allow directory override like the rest of the confs
      open(HEADER, "$Config{html_header}") || die "Can not open HTML Header at $Config{html_header}: $!\n";
      my @header = <HEADER>;
      close HEADER;
      #Expand variables... There must be a better way -mgt
      for my $header_line (@header) {
         $header_line =~ s/\$([\w\_\-\{\}\[\]]+)/$HTML_var{$1}/g;
         $out_head .= $header_line;
      }

      #FOOTER
      #open template this needs to allow directory override like the rest of the confs
      open(FOOTER, "$Config{html_footer}") || die "Can not open HTML Footer at $Config{html_footer}: $!\n";
      my @footer = <FOOTER>