Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs and creates a report analyzing areas that you specify. Logwatch is easy to use and will work right out of the package on most systems. This guide shows you how to get it up and running on a DNS-320, or any other device running fun_plug.
Configuring System Mail via Gmail
Logwatch needs to be able to send the generated reports via email – if you haven’t set up a mail relay on your fun_plug box then the easiest route is to configure msmtp (a built-in SMTP client) and relay your email through an external SMTP provider (in my case, Gmail). If you can already send email from your fun_plug server then just skip over this step.
Start by configuring msmtp.
mkdir -p /ffp/etc/msmtp
touch /ffp/etc/msmtp/msmtp.conf
chmod 600 /ffp/etc/msmtp/msmtp.conf
nano /ffp/etc/msmtp/msmtp.conf
Use the following msmtp.conf file as a template, replacing the values with your own SMTP service provider’s details. As a word of advice, I would suggest that you use a separate account just for relaying outgoing email, rather than putting your primary email account’s credentials in the config file.
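# Set gmail default values
defaults
tls on
# tls_certcheck off skips verification of the server certificate;
# turn it on and point tls_trust_file at a CA bundle if your system has one
tls_certcheck off
# Gmail account parameters
account default
host smtp.gmail.com
port 587
from your.address@gmail.com
auth on
user your.address@gmail.com
password yourgmailpassword
# set log file
logfile /ffp/etc/msmtp/msmtp.log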
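A quick audit of the settings in this template, as an added example that is not part of the original guide: the function `audit_msmtp_conf` (a hypothetical name) flags a config file readable by anyone but its owner, TLS not enabled, certificate checking turned off, and a clear-text password. It treats the file as a single account where a later setting overrides an earlier one, and the sample input is constructed from the template above.

```shell
#!/bin/sh
# Added example (not from the guide): audit an msmtp.conf for risky settings.
# Prints one finding per line; prints nothing when no check fires.

audit_msmtp_conf() {
    conf=$1

    # The file holds an SMTP password, so only its owner should have access.
    # The first 10 characters of `ls -l` are the mode string, e.g. -rw-------
    mode=$(ls -l "$conf" | cut -c1-10)
    case $mode in
        -???------) ;;
        *) echo "PERMS: mode is $mode, expected owner-only (chmod 600)" ;;
    esac

    awk '
        $1 ~ /^#/ || NF == 0 { next }   # skip comments and blank lines
        { val[$1] = $2 }                # a later setting overrides an earlier one
        END {
            if (val["tls"] != "on")
                print "TLS: tls is not on, the session is not encrypted"
            if (val["tls_certcheck"] == "off")
                print "CERTCHECK: tls_certcheck off, server certificate is not verified"
            if ("password" in val)
                print "PASSWORD: clear-text password, use a relay-only account"
        }' "$conf"
}

# Constructed sample: the template above, deliberately left world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
defaults
tls on
tls_certcheck off
account default
host smtp.gmail.com
port 587
from your.address@gmail.com
auth on
user your.address@gmail.com
password yourgmailpassword
logfile /ffp/etc/msmtp/msmtp.log
EOF
chmod 644 "$sample"
audit_msmtp_conf "$sample"
rm -f "$sample"
```

On the real system, call it as `audit_msmtp_conf /ffp/etc/msmtp/msmtp.conf`.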
The final step is to create a wrapper for sendmail, as logwatch (and other system utilities) will expect it to be present when sending outgoing messages.
touch /ffp/bin/sendmail
chmod +x /ffp/bin/sendmail
nano /ffp/bin/sendmail
#!/ffp/bin/sh
# Pass the caller's arguments to msmtp unchanged; "$@" keeps each argument intact
exec /usr/bin/msmtp --file=/ffp/etc/msmtp/msmtp.conf --read-recipients "$@"
Finally we need to create a link to our sendmail wrapper so scripts can find it in the expected location of /usr/sbin/sendmail.
Installing Logwatch
Start off by acquiring the Logwatch sources from their Sourceforge site.
wget http://freefr.dl.sourceforge.net/project/logwatch/logwatch-7.4.0/logwatch-7.4.0.tar.gz
tar -zxvf logwatch-7.4.0.tar.gz
cd logwatch-7.4.0
Once unpacked, you can run the interactive install script which will guide you through the install process.
chmod +x ./install_logwatch.sh
./install_logwatch.sh
The install script will now ask you where logwatch should be installed to; note that you must specify alternative paths for *all* of these questions to ensure Logwatch is installed to the fun_plug home.
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir: /ffp/share/logwatch
Enter the path for the Logwatch ConfigDir: /ffp/etc/logwatch
Enter the dir name to be used for temp files: /ffp/var/cache/logwatch
Enter the location of perl [/usr/bin/perl]: /ffp/bin/perl
Enter the dir name to used for the manpage: /ffp/share/man
Once installed, you may wish to change the recipient email address to which the Logwatch reports are emailed; this can be configured in the /ffp/etc/logwatch/conf/logwatch.conf file.
TmpDir = /ffp/var/cache/logwatch
MailTo = logwatch@your.domain
MailFrom = noreply@your.domain
Once configured, you can test logwatch by issuing:
logwatch --output stdout --detail medium --debug 5 --range today | more
This will output straight to the command line and should flag up any potential issues with your system’s configuration.
The final step is to add logwatch to your system’s cron, so it automatically runs. Getting cron to work on a fun_plug install can be a touch tricky (thanks to /var being overwritten on reboot).
# Logwatch report at 3am, daily.
0 3 * * * /ffp/etc/logwatch/logwatch.cron >/dev/null 2>&1
