SOLVED: Logwatch and Fedora 20+??

Posted: Fri Feb 12, 2016 2:00 pm
by mcinroy
Hello,

I have been trying for a day or so to get logwatch to report on ssh logins. Still unsuccessful at this point.
I haven't been able to find much information on why this might be, but I have a theory...

As of Fedora 20, syslog was abandoned in favour of journalctl...?? which (I think) explains why there is no /var/log/secure on my Amahi 8/Fedora 21 install. And I'm pretty sure the logwatch ssh service looks for logs in /var/log/secure.

I got to this point because I followed the directions in the SSH Email Alerts wiki page and thought it would be nice to have a daily summary of successful and failed logins, instead of one email per (successful) login.

Does anyone have any experience using logwatch with Fedora 20+ and/or journalctl?
Or is there something that would be better suited to work with journalctl?

Re: Logwatch and Fedora 20+??

Posted: Sat Feb 13, 2016 7:47 am
by bigfoot65
You might want to check out Monitor system logs via email in the wiki.

I use Logwatch and it reports total SSH logins for me. It may be you need to set the log detail variable to med or high.
SSHD
    Users logging in through sshd:
        amahi:
            x.x.x.x: 3 times

Re: Logwatch and Fedora 20+??

Posted: Sat Feb 13, 2016 1:56 pm
by mcinroy
Yes, I was using High, but just from the command line (i.e. report to stdout).

I'll take a look at the wiki page. Thanks.

Re: Logwatch and Fedora 20+??

Posted: Sat Feb 13, 2016 3:01 pm
by bigfoot65
Ok well I use email with high and it provides me the SSH logins.

Re: Logwatch and Fedora 20+??

Posted: Sun Feb 14, 2016 6:07 am
by mcinroy
> Ok well I use email with high and it provides me the SSH logins.

I tried an email report with High detail, still only reports on samba, yum, and "Disk Space" services (even though the logwatch config is still services=all (the default)).

Do you have a /var/log/secure dir?
Do you have rsyslog or syslog-ng installed?

I don't have any of the above, just wondering which way I should go.
As I understand it, you can install rsyslog/syslog-ng to get the system to log to the files that syslog used to log to. Seems like that would be redundant... but maybe that's the path of least resistance.

Thanks.

Re: Logwatch and Fedora 20+??

Posted: Sun Feb 14, 2016 8:37 am
by bigfoot65
> Do you have a /var/log/secure dir?

Yes

> Do you have rsyslog or syslog-ng installed?

Yes rsyslog is installed.

I did not install anything manually, so either an app or something else must have added that package.

Re: Logwatch and Fedora 20+??

Posted: Sun Feb 14, 2016 9:25 am
by mcinroy
Interesting. Ok, thank you for the info. Good to know that I can go that route.

I may still look into using the native logging in Fedora with logwatch (or something similar). I'll report back with any findings... you know, for posterity. :)

Thanks again.

Re: Logwatch and Fedora 20+??

Posted: Sun Feb 14, 2016 10:45 am
by bigfoot65
No problem.

Will close this thread as it's resolved.
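
The daily summary of successful and failed SSH logins asked about in this thread can also be produced straight from the journal when there is no /var/log/secure. The following is an added example, not code from any poster or from Logwatch. It assumes sshd logs to the systemd journal under the unit name sshd and uses OpenSSH's usual "Accepted/Failed ... for USER from ADDR port N" wording; the function names and sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: per-user, per-address counts of sshd logins from journal text.
# Assumed usage: journalctl -u sshd --since yesterday -o cat | summarize_sshd

summarize_sshd() {
    awk '
    {
        # Find "Accepted|Failed <method> for", with or without a syslog prefix.
        verb = 0
        for (i = 1; i <= NF; i++)
            if (($i == "Accepted" || $i == "Failed") && $(i + 2) == "for") { verb = i; break }
        if (!verb) next
        status = ($verb == "Accepted") ? "accepted" : "failed"
        u = verb + 3                      # first token of the user name
        if ($u == "invalid" && $(u + 1) == "user") u += 2
        # The user name is client-supplied and may contain spaces, so take the
        # address from the LAST "from", which sshd itself writes.
        from = 0
        for (i = NF - 1; i > u; i--) if ($i == "from") { from = i; break }
        if (!from) next
        user = $u
        for (i = u + 1; i < from; i++) user = user " " $i
        count[status "\t" user "\t" $(from + 1)]++
    }
    END { for (k in count) print k "\t" count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample input (documentation addresses, not real log data).
sample_sshd_lines() {
    cat <<'EOF'
Feb 13 07:40:01 hda sshd[1201]: Accepted password for amahi from 192.0.2.10 port 51234 ssh2
Accepted password for amahi from 192.0.2.10 port 51240 ssh2
Accepted publickey for amahi from 192.0.2.10 port 51300 ssh2: RSA SHA256:constructedfingerprint
Failed password for root from 203.0.113.5 port 4022 ssh2
Failed password for invalid user admin from 203.0.113.5 port 4023 ssh2
Failed password for invalid user admin from 203.0.113.5 port 4024 ssh2
pam_unix(sshd:session): session opened for user amahi by (uid=0)
EOF
}

# Output columns: status, user, source address, count (tab-separated).
sample_sshd_lines | summarize_sshd
```

Run from a daily cron job or systemd timer and piped to mail, this gives one summary per day instead of one message per login.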