Hello,
I have been trying for a day or so to get logwatch to report on ssh logins. Still unsuccessful at this point.
I haven't been able to find much information on why this might be, but I have a theory...
As of Fedora 20, syslog was abandoned in favour of journalctl...?? which (I think) explains why there is no /var/log/secure on my Amahi 8/Fedora 21 install. And I'm pretty sure the logwatch ssh service looks for logs in /var/log/secure.
I got to this point because I followed the directions in the SSH Email Alerts wiki page and thought it would be nice to have a daily summary of successful and failed logins, instead of one email per (successful) login.
Does anyone have any experience using logwatch with Fedora 20+ and/or journalctl?
Or is there something that would be better suited to work with journalctl?
SOLVED: Logwatch and Fedora 20+??
Re: Logwatch and Fedora 20+??
You might want to check out Monitor system logs wia email in the wiki.
I use Logwatch and it reports total SSH logins for me. It may be you need to set the log detail variable to med or high.
I use Logwatch and it reports total SSH logins for me. It may be you need to set the log detail variable to med or high.
SSHD
Users logging in through sshd:
amahi:
x.x.x.x: 3 times
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: Logwatch and Fedora 20+??
Yes, I was using High, but just from the command line (i.e. report to stdout).
I'll take a look at the wiki page. Thanks.
I'll take a look at the wiki page. Thanks.
Re: Logwatch and Fedora 20+??
Ok well I use email with high and it provides me the SSH logins.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: Logwatch and Fedora 20+??
I tried an email report with High detail, still only reports on samba, yum, and "Disk Space" services (even though the logwatch config is still services=all (the default)).Ok well I use email with high and it provides me the SSH logins.
Do you have a /var/log/secure dir?
Do you have rsyslog or syslog-ng installed?
I don't have any of the above, just wondering which way I should go.
As I understand it, you can install rsyslog/syslog-ng to get the system to log to the files that syslog used to log to. Seems like that would be redundant... but maybe that's the path of least resistance.
Thanks.
Re: Logwatch and Fedora 20+??
YesDo you have a /var/log/secure dir?
Yes rsyslog is installed.Do you have rsyslog or syslog-ng installed?
I did not install anything manually, so either an app or something else must have added that package.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Re: Logwatch and Fedora 20+??
Interesting. Ok, thank you for the info. Good to know that I can go that route.
I may still look into using the native logging in Fedora with logwatch (or something similar). I'll report back with any findings... you know, for posterity.
Thanks again.
I may still look into using the native logging in Fedora with logwatch (or something similar). I'll report back with any findings... you know, for posterity.
Thanks again.
Re: Logwatch and Fedora 20+??
No problem.
Will close this thread as it's resolved.
Will close this thread as it's resolved.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Who is online
Users browsing this forum: No registered users and 60 guests