====== 24.04 Logwatch Install ======
Logwatch is a handy utility that can parse the system logs and send you details of system errors or issues with the server. Lets stick this on and set it up to mail the logs to an email address daily.
sudo apt install logwatch
As part of the installation, logwatch will install the postfix mailer which we need to configure on install. We will choose the option '''satellite system'''
Set the System mail name = your solaris.scottworld.net
For the mail outgoing mail to relay correctly we need to set a '''relayhost'''
When prompted for the relay host, enter:
[ssl0.ovh.net]:465
Next we need to change a few parameters
sudo nano /etc/postfix/main.cf
Modify the parameters below
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level=may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = solaris.scottworld.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = solaris.scottworld.net, $myhostname, solaris, localhost.localdomain, localhost
relayhost = [ssl0.ovh.net]:465
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
# Added to authentice SMTP with OVH
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Added to re-map senders
sender_canonical_maps = regexp:/etc/postfix/sender_rewrite
Create a file
nano /etc/postfix/sasl_passwd
add the host and the account details.
ssl0.ovh.net root@scottworld.net:password
Execute the command (to refresh the password table)
postmap /etc/postfix/sasl_passwd
===== Alias the sender account if needed by your ISP =====
If you dont have authorisation on your SMTP relay to send mail for the standard sender account (in this case root@scottworld.net) you can alias it.
Now create /etc/postfix/sender_rewrite
sudo nano /etc/postfix/sender_rewrite
And add the following to allow the replay host to not be rejected as we don't own the address root@scottworld.net (this will alias the outgoing address)
/.*/ root@scottworld.net
Then run the following to enable the re-write.
postmap /etc/postfix/sender_rewrite
Restart postfix
systemctl restart postfix.service
==== Testing ====
You can now test logwatch and the email functionality is working with the following command.
logwatch --detail Med --mailto mark@scottworld.net
Monitor email errors with
tail -f /var/log/mail.log
=== Emailing Tweaks ===
We may want to catch mail errors, so we need to set up a root mailing account and a few mail utilities. We should be good citizens and set this up as it will collect bounced emails.
sudo apt-get install mailutils
Install the mutt mail reader
sudo apt-get install mutt
Check 'roots' mailbox
sudo touch /var/mail/root
sudo chown root:root /var/mail/root
mutt -f /var/mail/root
You can test this by sending a mail to root@servername and reading it with mutt.
== Configure Logwatch Daily Reports ==
Create a file
/etc/logwatch/conf/logwatch.conf
Add the following
MailTo = mark@scottworld.net
MailFrom = root@scottworld.net
Detail = Med
Format = text
Range = since 24 hours ago for those hours
Service = All
Service = -audit
Service = -http
Service = -sshd
Service = -pam_unix
Now we can make some changes to the level of logging for each service
/etc/logwatch/conf/override.conf
Add this line to tone down the logging
services/fail2ban: Detail = 1
Add a script for SMARTD error reporting
/etc/logwatch/conf/services/smartd.conf
Set the following to change the log file and reporting
LogFile =
LogFile = none
*JournalCtl = "--output=cat --no-pager --unit=smartmontools.service"
Update the named script to fix issues with qname minimization
wget -O /etc/logwatch/scripts/services/named https://sourceforge.net/p/logwatch/git/ci/master/tree/scripts/services/named?format=raw
sed -i 's/DoLookup/#DoLookup/' /etc/logwatch/scripts/services/named
sed -i -e '/minimization/s/failure/.*/' /etc/logwatch/scripts/services/named
Add a script for NAMED error reporting
/etc/logwatch/conf/services/named.conf
Set the following to change the log file and reporting
LogFile =
LogFile = syslog