Hi,
I've become quite enamored with epylog as a replacement for logwatch; it's
been meeting my needs nicely.
I've been working on tweaking my epylog 1.0.3 configuration for a LAMP
server, and wanted to share some of my configurations.
===
/etc/epylog/weed_local.cf
## Ubuntu 10.04 LTS
# CRON invocation
CRON\[\d+\]: \(root\) CMD \( cd / && run-parts --report /etc/cron\.(daily|hourly|weekly|monthly)\)
# CRON session open / close for root when invoked by uid=0
CRON\[\d+\]: pam_unix\(cron:session\): session (open|clos)ed for user root( by \(uid=0\))?
# Automatic PHP Session garbage collection
CRON\[\d+\]: \(root\) CMD \( \[ -x /usr/lib/php5/maxlifetime \] && \[ -d /var/lib/php5 \] && find /var/lib/php5/ -type f -cmin \+\$\(/usr/lib/php5/maxlifetime\) -print0 \| xargs -n 200 -r -0 rm\)
# cracklib
cracklib: no dictionary update necessary\.
# ntpd peer validation
ntpd\[\d+\]: peer \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} now (valid|invalid)
===
Back in 2007, Jeremy Kindy at WFU posted a few modules, two of which work
with Ubuntu: sudo usage logs and user/group reporting (imperfect, I may
update it). Note: you'll get some noise about their self-signed
certificate.
https://lists.dulug.duke.edu/pipermail/epylog/2007-August/000274.html
sudo mkdir /usr/local/src/epylog_kindyjd_modules
cd /usr/local/src/epylog_kindyjd_modules
sudo wget --no-check-certificate http://lists.dulug.duke.edu/pipermail/epylog/attachments/20070821/004982a...
sudo tar zxvf epylog_modules.tar.gz
# sudo
sudo cp sudo_mod.py /usr/share/epylog/modules
sudo cp sudo.conf /etc/epylog/modules.d
# users
sudo cp users_mod.py /usr/share/epylog/modules
sudo cp users.conf /etc/epylog/modules.d
Edit /etc/epylog/modules.d/sudo.conf and change files to:
files = /var/log/auth.log[.#]
Edit /etc/epylog/modules.d/users.conf and change files to:
files = /var/log/auth.log[.#]
===
I've been getting a deprecation warning:
/usr/lib/pymodules/python2.6/epylog/publishers.py:268: DeprecationWarning: the MimeWriter module is deprecated; use the email package instead
import StringIO, MimeWriter
http://osdir.com/ml/debian-bugs-dist/2010-11/msg02837.html referred to a
patch available at
https://fedorahosted.org/epylog/changeset/394/epylog#file8 , but that link
is now invalid. To the best of my knowledge, it's a known issue and has
been fixed in dev, but not in any releases. Is there any way I can get that
patch?
===
Thanks for all your hard work on this, and to Seth Vidal for picking up
development again!
Best regards,
Jon Peck
Owner,
FluxSauce.com
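
Added example, not part of the original post: a Python check that runs the weed patterns from the message above against constructed sample log lines, to show which lines would be dropped from the report and which would still reach it. It assumes the patterns are applied with unanchored search semantics; the sample lines and the end-anchored session variant are hypothetical.

```python
import re

# Weed patterns from the post, each joined onto one line; in the PHP
# session-cleanup entry the literal "+", "$" and "|" are escaped.
POST_PATTERNS = [
    r"CRON\[\d+\]: \(root\) CMD \( cd / && run-parts --report /etc/cron\.(daily|hourly|weekly|monthly)\)",
    r"CRON\[\d+\]: pam_unix\(cron:session\): session (open|clos)ed for user root( by \(uid=0\))?",
    r"CRON\[\d+\]: \(root\) CMD \( \[ -x /usr/lib/php5/maxlifetime \] && \[ -d /var/lib/php5 \] && "
    r"find /var/lib/php5/ -type f -cmin \+\$\(/usr/lib/php5/maxlifetime\) -print0 \| xargs -n 200 -r -0 rm\)",
    r"cracklib: no dictionary update necessary\.",
    r"ntpd\[\d+\]: peer \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} now (valid|invalid)",
]

# Hypothetical tightening (not from the post): anchor the session entry at
# end of line so it cannot match a longer user name that starts with "root".
TIGHTENED = [p + "$" if "cron:session" in p else p for p in POST_PATTERNS]

# Constructed sample lines (host, PIDs, users and addresses are made up).
SAMPLE = [
    "Mar  1 06:25:01 web1 CRON[1234]: (root) CMD ( cd / && run-parts --report /etc/cron.daily)",
    "Mar  1 06:25:01 web1 CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Mar  1 06:25:09 web1 CRON[1234]: pam_unix(cron:session): session closed for user root",
    "Mar  1 06:39:01 web1 CRON[1301]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && "
    "find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)",
    "Mar  1 06:40:12 web1 ntpd[812]: peer 192.0.2.10 now valid",
    "Mar  1 07:00:01 web1 CRON[1410]: pam_unix(cron:session): session opened for user www-data by (uid=0)",
    "Mar  1 07:05:01 web1 CRON[1422]: pam_unix(cron:session): session opened for user rootbackup by (uid=0)",
    "Mar  1 07:06:44 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2",
]

def is_weeded(line, patterns):
    """True if any pattern matches anywhere in the line (search semantics assumed)."""
    return any(re.search(p, line) for p in patterns)

def reported(lines, patterns):
    """Lines that survive weeding and would reach the report."""
    return [line for line in lines if not is_weeded(line, patterns)]

if __name__ == "__main__":
    for name, pats in (("post", POST_PATTERNS), ("tightened", TIGHTENED)):
        print(name)
        for line in reported(SAMPLE, pats):
            print("  REPORTED:", line)
```

The constructed `rootbackup` session line is weeded by the session pattern as posted, because the pattern is satisfied by the `root` prefix, and is reported once the pattern is end-anchored.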