How to monitoring log Files? Logwatch + postfix

Created: Aug. 21, 2020, 10:43 a.m.
Update: Oct. 29, 2020, 7:25 p.m.
How to monitoring log files of many servers?

How to monitoring log files of many servers?

The best and easy way to this is receive by email daily the report of syslog.

Enviromment variables

sudo is required
domain mydomain.com
email admin admin@mydomain.com
email account  notify@mydomain.com
email pass        123456

Logwatch + Postfix (Satelite/SmartHost)

https://www.linode.com/docs/email/postfix/postfix-smtp-debian7/
https://help.ubuntu.com/community/Logwatch
Postfix = Satelite = SmartHost
$ dpk-reconfigure postfix

New Alias

Add line at the end of file. This is a redirect for admin of domain.
$ vim /etc/alias
root: admin@domain.com
update alias DB
$ newaliases

OR (AA) edit logwatch script crontab daily

$ vim /etc/cron.daily/00logwatch
add theses lines
# comment /usr/sbin/logwatch --output mail
/usr/sbin/logwatch --mailto admin@mydomain.com
/usr/sbin/logwatch --mailto security@mydomain.com
/usr/sbin/logwatch --mailto other-mail@mydomain.com
...

(AT) Test Logwatch

$ bash /etc/cron.daily/00logwatch

SSMTP - Alternative to setup a email account using a external mail server with user and pass

Alias email is not acceptable in this case!
$ apt-get install ssmtp
change setting
$ vim /etc/ssmtp/ssmtp.conf
root=your@email.com

mailhub = smtp.mydomain.com:587
AuthUser = notify@mydomail.com
AuthPass = 12345
UseTLS = YES
UseSTARTTLS = YES
go to AA to finish logwatch setup then AT to test.


Tiago de Souza Moraes - teago.futuria.com.br - 2020 // CSS by UIKIT CSS