Hands-on lab – installing Logwatch

To deliver its messages, Logwatch requires that the machine also has a running mail server daemon. Depending on the options you chose when installing the operating system, you might or might not already have the Postfix mail server installed. When Postfix is set up as a local server, it will deliver system messages to the root user's local account. 

To view the Logwatch summaries on the local machine, you'll also need to install a text-mode mail reader, such as mutt.

For this lab, you can use any of your VMs:

  1. Install Logwatch, mutt, and, if necessary, Postfix. (On Ubuntu, choose the local option when installing Postfix. With CentOS, the local option is already the default.) For Ubuntu, use the following:

     sudo apt install postfix mutt logwatch

     For CentOS 7, use the following:

     sudo yum install postfix mutt logwatch

     For CentOS 8, use the following:

     sudo dnf install postfix mutt logwatch

  2. On Ubuntu only, create a mail spool file for your user account:

     sudo touch /var/mail/your_user_name

  3. Open the /etc/aliases file in your favorite text editor. Configure it to forward the root user's mail to your own normal account by adding the following line at the bottom of the file:

     root:     your_user_name

  4. Save the file, and then copy the information from it to a binary file that the system can read. Do that with this:

     sudo newaliases

  5. At this point, you have a fully operational implementation of Logwatch that will deliver daily log summaries with a low level of detail. To see the default configuration, look at the default configuration file:

     less /usr/share/logwatch/default.conf/logwatch.conf

  6. To change the configuration, edit the /etc/logwatch/conf/logwatch.conf file on CentOS, or create the file on Ubuntu. Change to a medium level of logging detail by adding this line:

     Detail = Med

     Logwatch is a Python script that runs every night on a scheduled basis. So, there's no daemon that you have to restart to make configuration changes take effect.

  7. Perform some actions that will generate some log entries. You can do that by performing a system update, installing some software packages, and using sudo fdisk -l to view the partition configuration.

  8. If possible, allow your VM to run overnight. In the morning, view your log summary by doing this:

     mutt

     When prompted to create a Mail directory in your home directory, hit the y key.

  9. This is the end of the lab.
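
Because the first summary only arrives overnight, it helps to confirm the mail forwarding and detail settings right after finishing the steps. The following script is an added example, not part of the original lab or of Logwatch itself. The function names are hypothetical, and it assumes Postfix's default hash alias map at /etc/aliases.db and that the last Detail assignment in a file is the one that counts.

```bash
#!/usr/bin/env bash
# Added example: checks for the lab's mail-forwarding and Logwatch settings.
# Each function takes file paths as arguments, so it also works on copies.

# Print the account root's mail is forwarded to. Fails when there is no
# active "root:" line, or more than one (ambiguous).
root_alias_target() {
  local count
  count=$(grep -cE '^[[:space:]]*root[[:space:]]*:' "$1" 2>/dev/null || true)
  [ "${count:-0}" -eq 1 ] || return 1
  sed -nE 's/^[[:space:]]*root[[:space:]]*:[[:space:]]*//p' "$1" |
    sed -E 's/[[:space:]]*$//'
}

# Succeed when the binary alias map exists and the text file has not been
# edited since it was built. Assumes Postfix's hash map at <aliases>.db.
aliases_db_current() {
  [ -e "$1.db" ] && ! [ "$1" -nt "$1.db" ]
}

# Print the Detail level in effect: the shipped default ($1), replaced by the
# local override ($2) when that file sets one. Assumes the last assignment in
# a file is the one that counts.
effective_detail() {
  local f v value=""
  for f in "$1" "$2"; do
    [ -r "$f" ] || continue
    v=$(sed -nE 's/^[[:space:]]*[Dd]etail[[:space:]]*=[[:space:]]*([^#[:space:]]+).*$/\1/p' "$f" | tail -n 1)
    if [ -n "$v" ]; then value=$v; fi
  done
  [ -n "$value" ] && printf '%s\n' "$value"
}

# Run against the real system only when called with --check.
if [ "${1:-}" = "--check" ]; then
  target=$(root_alias_target /etc/aliases) \
    && echo "root mail -> $target" || echo "FAIL: no single root alias"
  aliases_db_current /etc/aliases \
    && echo "alias map is current" || echo "FAIL: run sudo newaliases"
  echo "Detail: $(effective_detail /usr/share/logwatch/default.conf/logwatch.conf \
                                   /etc/logwatch/conf/logwatch.conf)"
fi
```

Save it under any name and run it with the --check argument; a FAIL line points back to step 3, 4, or 6 of the lab.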

Now that you've seen the easy way of doing a log review, let's move on to the final topic of this chapter, which is how to set up a central log server.
