Hello,
On my VPS with Debian 7.0 and Plesk 11.5.30, the services provided include the following:
Apache, Postfix, Courier-POP3, Courier-IMAP, SpamAssassin
For users, the following protocols or services are accessible via iptables:
https (not http), ftp, imap (ssl only), smtp, smtps
I have now installed Logwatch on the VPS, but the reports are obviously not complete: they lack the logs for https, smtp, imap and smtps sessions, and I also always get a lot of "Unmatched Entries" for proftpd.
What have I possibly missed?
Regards,
Jochen
/usr/share/logwatch/default.conf/logwatch.conf
Code:
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
mailer = "/usr/sbin/sendmail -t"
/etc/cron.daily/00logwatch
Code:
#!/bin/bash
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch --output mail
Example-Report
Code:
################### Logwatch 7.4.0 (05/02/12) ####################
Processing Initiated: Wed May 28 03:24:04 2014
Date Range Processed: yesterday
( 2014-May-27 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: mail / text
Logfiles for Host: v12345.myhoster.de
##################################################################
--------------------- Cron Begin ------------------------
Commands Run:
User root:
[ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete: 48 Time(s)
/opt/psa/admin/bin/php -c '/opt/psa/admin/conf/php.ini' -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/plesk-mobile/scripts/push_worker.php': 144 Time(s)
[ -x /opt/psa/admin/sbin/backupmng ] && /opt/psa/admin/sbin/backupmng >/dev/null 2>&1: 96 Time(s)
cd / && run-parts --report /etc/cron.hourly: 24 Time(s)
test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ): 1 Time(s)
test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt: 1 Time(s)
User v12345:
---------------------- Cron End -------------------------
--------------------- httpd Begin ------------------------
0.02 MB transferred in 156 responses (1xx 0, 2xx 139, 3xx 0, 4xx 17, 5xx 0)
2 Content pages (0.00 MB),
154 Other (0.02 MB)
Attempts to use known hacks by 1 hosts were logged 15 time(s) from:
x.x.x.x: 15 Time(s)
^null$ 15 Time(s)
A total of 1 sites probed the server
x.x.x.x
Requests with error response codes
400 Bad Request
/: 2 Time(s)
408 Request Timeout
null: 15 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
cron:
Sessions Opened:
v12345: 576 Time(s)
root: 314 Time(s)
proftpd:
Unknown Entries:
session closed for user user123: 1524 Time(s)
session opened for user user123 by (uid=0): 1524 Time(s)
su:
Sessions Opened:
root -> popuser: 22 Time(s)
root -> v12345: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- proftpd-messages Begin ------------------------
User FTP Logins:
x.x.x.x: user123 - 1501 Time(s)
x.x.x.x: user123 - 23 Time(s)
**Unmatched Entries**
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
.
.
.
---------------------- proftpd-messages End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 80G 12G 69G 15% /
none 2.0G 4.0K 2.0G 1% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################