Logwatch for NethServer


(Artem Fedai) #1

Hi all, how about Logwatch, sending statistics to the admin mailbox?


(Davide Principi) #2

Hi @nas,
which statistics are you interested in? Could you provide some examples?


(Filippo Carletti) #3

I have logwatch on one of my NethServers. It works, but it misses some information due to some logfile name changes.
You could try with:

yum install logwatch

Let me know, I could go and check my config.
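An added configuration sketch, not part of the original posts and not anyone's actual config from this thread: local Logwatch overrides that mail a daily report to the admin and re-point one logfile group at a renamed log. The settings mirror the report header shown later in the thread (mail / text, yesterday, detail 0); the `root` recipient, the `<group>` name and the `<renamed-logfile>` path are placeholders, since the thread does not name the renamed files.

```ini
# /etc/logwatch/conf/logwatch.conf
# Local overrides; packaged defaults stay in
# /usr/share/logwatch/default.conf/logwatch.conf and are not edited.

# Send the report by mail as plain text.
Output = mail
Format = text

# Assumption: root is aliased to the administrator's mailbox.
MailTo = root

# Report on the previous day at the lowest detail level
# (Low = 0, Med = 5, High = 10).
Range = yesterday
Detail = Low

# Run every service filter that has a matching logfile.
Service = All

# /etc/logwatch/conf/logfiles/<group>.conf
# One override file per logfile group. An empty LogFile line clears the
# inherited file list; the next line adds the renamed file. Relative
# paths are resolved against LogDir (/var/log by default).
LogFile =
LogFile = <renamed-logfile>
```

Running `logwatch --output stdout --range yesterday` prints the same report to the terminal, so a service that stays empty because its logfile moved shows up before the mail schedule is relied on.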


(Artem Fedai) #4

################### Logwatch 7.4.0 (05/02/12) ####################
Processing Initiated: Wed Jun 17 06:25:05 2015
Date Range Processed: yesterday
( 2015-Jun-16 )
Period is day.
Detail Level of Output: 0
Type of Output/Format: mail / text
Logfiles for Host: cerberus
##################################################################

--------------------- Amavisd-new Begin ------------------------

 192   Total messages scanned ------------------  100.00%

35.372M Total bytes scanned 37,090,615
======== ==================================================

 192   Passed ----------------------------------  100.00%
 192     Clean passed                             100.00%

======== ==================================================

 192   Ham -------------------------------------  100.00%
 192     Clean passed                             100.00%

======== ==================================================

Unmatched Entries
2 Deleting db files __db.004,__db.003,snmp.db,__db.001,nanny.db,__db.002 in /var/lib/amavis/db

---------------------- Amavisd-new End -------------------------

--------------------- clam-update Begin ------------------------

Last ClamAV update process started at Tue Jun 16 23:57:13 2015

Last Status:
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20571, sigs: 1424236, f-level: 63, builder: jesler)
bytecode.cld is up to date (version: 259, sigs: 46, f-level: 63, builder: shurley)

---------------------- clam-update End -------------------------

--------------------- fail2ban-messages Begin ------------------------

Banned services with Fail2Ban: Bans:Unbans
postfix-iredmail: [ 2:0 ]
ssh-iredmail: [ 23:0 ]

---------------------- fail2ban-messages End -------------------------

--------------------- httpd Begin ------------------------

Requests with error response codes
400 Bad Request
/: 2 Time(s)
/tmUnblock.cgi: 1 Time(s)
404 Not Found
/admin/config.php: 1 Time(s)

---------------------- httpd End -------------------------

--------------------- Kernel Begin ------------------------

WARNING: Kernel Errors Present
EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro …: 1 Time(s)
Error: Driver 'pcspkr' …: 1 Time(s)

---------------------- Kernel End -------------------------

--------------------- OpenVPN Begin ------------------------

Unmatched Entries
Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib: 1 Time(s)
Cannot open dh1024.pem for DH parameters: error:02001002:system library:fopen:No such file or directory: error:2006D080:BIO routines:BIO_new_file:no such file: 1 Time(s)
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables: 2 Time(s)

---------------------- OpenVPN End -------------------------

--------------------- pam_unix Begin ------------------------

sshd:
Authentication Failures:
Invalid Users:
Unknown Account: 83 Time(s)
Unknown Entries:
1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195-154-211-204.rev.poneytelecom.eu : 1 Time(s)

su:
Sessions Opened:
root -> amavis: 2 Time(s)
root -> debian-spamd: 2 Time(s)

---------------------- pam_unix End -------------------------

--------------------- Postfix Begin ------------------------

  13   Miscellaneous warnings  

69.948M Bytes accepted 73,345,311
43.214M Bytes sent via SMTP 45,313,146
27.677M Bytes delivered 29,021,568
9.631K Bytes forwarded 9,862
======== ==================================================

 367   Accepted                                    87.59%
  52   Rejected                                    12.41%

 419   Total                                      100.00%

======== ==================================================

  31   5xx Reject relay denied                     59.62%
  21   5xx Reject HELO/EHLO                        40.38%

  52   Total 5xx Rejects                          100.00%

======== ==================================================

   2   4xx Reject HELO/EHLO                         9.09%
  19   4xx Reject recipient address                86.36%
   1   4xx Reject sender address                    4.55%

  22   Total 4xx Rejects                          100.00%

======== ==================================================

 454   Connections             
  40   Connections lost (inbound) 
 454   Disconnections          
 368   Removed from queue      
  96   Delivered               
 288   Sent via SMTP           
   1   Forwarded               

  10   Timeouts (inbound)      
   2   Hostname verification errors (FCRDNS) 
  84   SASL authenticated messages 

Unmatched Entries
1 Jun 16 02:55:17 cerberus postgrey[3645]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4

---------------------- Postfix End -------------------------

--------------------- SSHD Begin ------------------------

SSHD Started: 2 Time(s)

Failed logins from:

Illegal users from:

Received disconnect:
11: [preauth] : 5 Time(s)
11: Bye Bye [preauth] : 88 Time(s)
11: Normal Shutdown, Thank you for playing [preauth] : 5 Time(s)

---------------------- SSHD End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on
rootfs 322M 213M 93M 70% /
udev 10M 0 10M 0% /dev
/dev/mapper/OpenCLI-root 322M 213M 93M 70% /
/dev/vda1 228M 18M 199M 9% /boot
/dev/mapper/OpenCLI-home 5.9G 865M 4.7G 16% /home
/dev/mapper/OpenCLI-tmp 368M 17M 333M 5% /tmp
/dev/mapper/OpenCLI-usr 5.6G 1.5G 3.8G 28% /usr
/dev/mapper/OpenCLI-var 205G 4.1G 191G 3% /var

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################


(Filippo Carletti) #5

Not bad! :smile:
I think that only iptables is missing (not really useful).


(Artem Fedai) #6

It is from a Debian server.