similar to: Interpreting logwatch

It appears to be a low-level attack, not so frequent as to be banned permanently, just a number of times a day. I did google on this, and I gather it's looking for phpmyadmin. We've been getting one from one specific network in Russia for weeks Here are more information about 91.201.64.24: [Querying whois.ripe.net] [whois.ripe.net] <snip> % Information related to '91.201.64.0

Hi All, I want to know thoughts on if I am being to paranoid/security conscious. CentOS 5.6, Apache, MySQL, running an Firewall in front of everything and obviously the built-in firewall on the box. I have ssh on a different port and starting to use Keys instead of password authentication. I host an intensive website and I am getting about 150 unique visitors per day. What I am seeing is

So I have this nice, simple web server up running. Its purpose is to allow me external testing with HIP, and to provide some files for external distribution. Of course, there it is sitting on port 80 and the attacks are coming in per logwatch report. Examples from the report include: Requests with error response codes 404 Not Found //phpMyAdmin-2.5.1/scripts/setup.php: 1

Found an error or two from my logwatch report from yesterday, thought I would share this in hopes this is just first time run of the problem I noticed in the Kernel report section... Also not sure why there's an issue with automount either.... but I guess I could ask on that issue as well. I am not worried about the NAMED error, this is something that happens due to one of the services that

Logwatch is installed, and I am assuming by how empty /etc/logwatch is that it is running from defaults, which I find in /usr/share/logwatch/default.conf/services I want to customize ONE service. dovecot. Do I copy /usr/share/logwatch/default.conf/services/dovecot.conf to /etc/logwatch/conf/services and edit it there, or do I have to copy ALL default.conf/services/* there and modify

Hello I am trying to get logwatch working on CentOS 8. System is fully updated. Usually install minimal version and then add only necessary with yum. On CentOS 7: install logwatch and get daily logwatch report on mail. On CentOS 8: install logwatch but no way to get mail. Am I doing something wrong? Or miss something? Thanks in advance Blaz

The Logwatch imapd service script distributed with CentOS-6 does not generate anything when I run logwatch --service all on a cyrus-imapd host. Is this expected behaviour? Is there a separate script for cyrus-imapd or are their configuration options required to get the existing script to work. I have found an ancient (2004) logwatch service script for cyrus-imapd but I was sort of hoping that

After some experimenting I have observed that overriding settings from /usr/share/logwatch/default.conf/logwatch.conf in /etc/logwatch/conf/logwatch.conf does not produce consistent results. For example, if I replace the default detail configuration in etc/logwatch/conf/logwatch.conf with: Detail = High It does indeed change the level of detail from the default Low set in

CentOS-6.6 Can logwatch be configured to display the system uptime as part of the reporting prologue? If not then what would be the recommended way of including this information in a daily logwatch report? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne

Hi All, I need to be able to make sense from my shorewall logs. I have installed logwatch and it is mailing me reports but the level of detail is just not there. I have set the detail variable to High=10 but I get entries only from the DNS service about denied updates. What am I getting wrong? Tom, will you be kind enough to send me your logwatch config files? Thanks in advance. Ama

I am trying to get a logwatch summary emailed to a central address from a cron job. The tasd was copied verbatim from a system which does this already. Both are shown below. host1 crontab -l as root 45 7 * * * /usr/sbin/logwatch --service http --service imapd --service pop3 --service sshd --service vsftpd --service zz-disk_space --service zz-network --service zz-sys --mailto support at

I'm trying to get usable reports out of logwatch on this new system. Looks like the reports are running in an 'unformatted' mode under Postfix/Amavisd. I found a couple of programs, postfix-logwatch and amavisd-logwatch. These sound promising. I am running Amavisd as the frontend to Postfix. Is anybody running either of these as a logwatch filter? If so, is it repetitive to run

CentOS 6 (amd64) up to date with latest security / bug fixes. The logwatch reports come in plain text even though the config states HTML. <begin /etc/logwatch/conf/logwatch.conf> mailer = "/usr/sbin/sendmail -t" TmpDir = /tmp MailFrom = logwatch at example.com MailTo = admin1 admin2 admin3 Range = yesterday Detail = Medium HostName = www.example.com Print = No Output = mail

Hi all, Last week I have migrated 5 CentoS 6.2 servers to CentOS 6.3. In all of them, I receive every day problems with logwatch: /etc/cron.daily/0logwatch: Can't exec "sendmail": No such file or directory at /usr/sbin/logwatch line 1040, <TESTFILE> line 1. Can't execute sendmail -t: No such file or directory It is really strange, because I am using default config ...

Hello, I am using multiple files for logging activities for named daemon. The files are in /var/named/chroot/var/log/named/, for example /var/named/chroot/var/log/named/general.log. I am trying to make logwatch look into them. I have created /usr/share/logwatch/default.conf/logfiles/named.conf like this: LogFile = /var/named/chroot/var/log/named/general.log *ExpandRepeats *OnlyHost

Hi, # uname -a Linux obfuscated.example.com 2.6.18-128.4.1.el5 #1 SMP Tue Aug 4 20:23:34 EDT 2009 i686 i686 i386 GNU/Linux I noticed a few days ago that I'm not getting my logwatch emails to the root account any longer, and while I've definitely been applying updates from base, no other changes have happened on this box. I ran logwatch at the command line: logwatch --detail medium

Hi all, Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it. I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess. My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamasassin

Hello everyone - I am stumped ... Does anyone have suggestions on how to proceed? Is there a way to get what I want? The environment: CentOS 7.0 with latest patches. The goal: I want logwatch to include a report on the status of kvm virtual computers. The problem: When run from anacron, SELinux denies permission for the virsh utility. Here is a portion of the logwatch output:

Don't remember if I already wrote about this. But ran into it tonibhg again. Logwatch as distributed with CentOS expects yum log files in different format. As result, logwatch will not report anything. The patch is really simple (and attached). Hopefully it'll be part of 4.3 (if not sooner). The upstream is not likely to patch it, since they don't distribute yum at all.

On Sunday, April 19, 2015 15:46:29 Joseph L. Casale wrote: > > Can anyone point me to where my mistake is? > > First, you are creating overrides, or site specific definitions in the > platform directory. Don't do that, the distro owns and maintains this. Put > your new code in /etc/logwatch, man 8 logwatch for explanation. > > Finally, you don't show is the script