====== 24.04 Logwatch Install ====== Logwatch is a handy utility that can parse the system logs and send you details of system errors or issues with the server. Lets stick this on and set it up to mail the logs to an email address daily. sudo apt install logwatch As part of the installation, logwatch will install the postfix mailer which we need to configure on install. We will choose the option '''satellite system''' Set the System mail name = your solaris.scottworld.net For the mail outgoing mail to relay correctly we need to set a '''relayhost''' When prompted for the relay host, enter: [ssl0.ovh.net]:465 Next we need to change a few parameters sudo nano /etc/postfix/main.cf Modify the parameters below # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on # fresh installs. compatibility_level = 3.6 # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level=encrypt smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_wrappermode = yes smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = solaris.scottworld.net alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = solaris.scottworld.net, $myhostname, solaris, localhost.localdomain, localhost relayhost = [ssl0.ovh.net]:465 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only inet_protocols = all # Added to authentice SMTP with OVH smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous # Added to re-map senders sender_canonical_maps = regexp:/etc/postfix/sender_rewrite Create a file nano /etc/postfix/sasl_passwd add the host and the account details. ssl0.ovh.net root@scottworld.net:password Execute the command (to refresh the password table) postmap /etc/postfix/sasl_passwd ===== Alias the sender account if needed by your ISP ===== If you dont have authorisation on your SMTP relay to send mail for the standard sender account (in this case root@scottworld.net) you can alias it. Now create /etc/postfix/sender_rewrite sudo nano /etc/postfix/sender_rewrite And add the following to allow the replay host to not be rejected as we don't own the address root@scottworld.net (this will alias the outgoing address) /.*/ root@scottworld.net Then run the following to enable the re-write. postmap /etc/postfix/sender_rewrite Restart postfix systemctl restart postfix.service ==== Testing ==== You can now test logwatch and the email functionality is working with the following command. logwatch --detail Med --mailto mark@scottworld.net Monitor email errors with tail -f /var/log/mail.log === Emailing Tweaks === We may want to catch mail errors, so we need to set up a root mailing account and a few mail utilities. We should be good citizens and set this up as it will collect bounced emails. sudo apt-get install mailutils Install the mutt mail reader sudo apt-get install mutt Check 'roots' mailbox sudo touch /var/mail/root sudo chown root:root /var/mail/root mutt -f /var/mail/root You can test this by sending a mail to root@servername and reading it with mutt. == Configure Logwatch Daily Reports == Create a file /etc/logwatch/conf/logwatch.conf Add the following MailTo = mark@scottworld.net MailFrom = root@scottworld.net Detail = Med Format = text Range = since 24 hours ago for those hours Service = All Service = -audit Service = -http Service = -sshd Service = -pam_unix Now we can make some changes to the level of logging for each service /etc/logwatch/conf/override.conf Add this line to tone down the logging services/fail2ban: Detail = 1 Add a script for SMARTD error reporting /etc/logwatch/conf/services/smartd.conf Set the following to change the log file and reporting LogFile = LogFile = none *JournalCtl = "--output=cat --no-pager --unit=smartmontools.service" Update the named script to fix issues with qname minimization wget -O /etc/logwatch/scripts/services/named https://sourceforge.net/p/logwatch/git/ci/master/tree/scripts/services/named?format=raw sed -i 's/DoLookup/#DoLookup/' /etc/logwatch/scripts/services/named sed -i -e '/minimization/s/failure/.*/' /etc/logwatch/scripts/services/named Add a script for NAMED error reporting /etc/logwatch/conf/services/named.conf Set the following to change the log file and reporting LogFile = LogFile = syslog