Facebook
Twitter
Hello,
on my VPS with Debian 7.0 and Plesk running 11.5.30 provides include the following.
Apache, Postfix, Courier-POP3, Courier-IMAP, SpamAssassin
For the user the following protocols or services are accessible via iptables.
https (not http), ftp, imap (ssl only) smtp, smtps
Now I have installed on the VPS Logwatch, but the reports are obviously not complete, it obviously lacks the logs for https, smtp, imap and smtps sessions and also I always have a lot of "Unmatched Entries" for proftpd.
What I have possibly missed?
greeting
Jochen
/usr/share/logwatch/default.conf/logwatch.conf
/etc/cron.daily/00logwatch
Example-Report
on my VPS with Debian 7.0 and Plesk running 11.5.30 provides include the following.
Apache, Postfix, Courier-POP3, Courier-IMAP, SpamAssassin
For the user the following protocols or services are accessible via iptables.
https (not http), ftp, imap (ssl only) smtp, smtps
Now I have installed on the VPS Logwatch, but the reports are obviously not complete, it obviously lacks the logs for https, smtp, imap and smtps sessions and also I always have a lot of "Unmatched Entries" for proftpd.
What I have possibly missed?
greeting
Jochen
/usr/share/logwatch/default.conf/logwatch.conf
Code:
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
mailer = "/usr/sbin/sendmail -t"
Code:
#!/bin/bash
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch --output mail
Code:
################### Logwatch 7.4.0 (05/02/12) ####################
Processing Initiated: Wed May 28 03:24:04 2014
Date Range Processed: yesterday
( 2014-May-27 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: mail / text
Logfiles for Host: v12345.myhoster.de
##################################################################
--------------------- Cron Begin ------------------------
Commands Run:
User root:
[ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -ignore_readdir_race -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete: 48 Time(s)
/opt/psa/admin/bin/php -c '/opt/psa/admin/conf/php.ini' -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/plesk-mobile/scripts/push_worker.php': 144 Time(s)
[ -x /opt/psa/admin/sbin/backupmng ] && /opt/psa/admin/sbin/backupmng >/dev/null 2>&1: 96 Time(s)
cd / && run-parts --report /etc/cron.hourly: 24 Time(s)
test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ): 1 Time(s)
test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt: 1 Time(s)
User v12345:
---------------------- Cron End -------------------------
--------------------- httpd Begin ------------------------
0.02 MB transferred in 156 responses (1xx 0, 2xx 139, 3xx 0, 4xx 17, 5xx 0)
2 Content pages (0.00 MB),
154 Other (0.02 MB)
Attempts to use known hacks by 1 hosts were logged 15 time(s) from:
x.x.x.x: 15 Time(s)
^null$ 15 Time(s)
A total of 1 sites probed the server
x.x.x.x
Requests with error response codes
400 Bad Request
/: 2 Time(s)
408 Request Timeout
null: 15 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
cron:
Sessions Opened:
v12345: 576 Time(s)
root: 314 Time(s)
proftpd:
Unknown Entries:
session closed for user user123: 1524 Time(s)
session opened for user user123 by (uid=0): 1524 Time(s)
su:
Sessions Opened:
root -> popuser: 22 Time(s)
root -> v12345: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- proftpd-messages Begin ------------------------
User FTP Logins:
x.x.x.x: user123 - 1501 Time(s)
x.x.x.x: user123 - 23 Time(s)
**Unmatched Entries**
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
pam_unix(proftpd:session): session closed for user user123
pam_unix(proftpd:session): session opened for user user123 by (uid=0)
.
.
.
---------------------- proftpd-messages End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/vzfs 80G 12G 69G 15% /
none 2.0G 4.0K 2.0G 1% /dev
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################