Hi,
I've become quite enamored with epylog as a replacement for logwatch; it's been meeting my needs nicely.
I've been working on tweaking my epylog 1.0.3 configuration for a LAMP server, and wanted to share some of my configurations.
===
/etc/epylog/weed_local.cf
## Ubuntu 10.04 LTS
# CRON invocation
CRON\[\d+\]: \(root\) CMD \( cd / && run-parts --report /etc/cron\.(daily|hourly|weekly|monthly)\)
# CRON session open / close for root when invoked by uid=0
CRON\[\d+\]: pam_unix\(cron:session\): session (open|clos)ed for user root( by \(uid=0\))?
# Automatic PHP Session garbage collection
CRON\[\d+\]: \(root\) CMD \( \[ -x /usr/lib/php5/maxlifetime \] && \[ -d /var/lib/php5 \] && find /var/lib/php5/ -type f -cmin \+\$\(/usr/lib/php5/maxlifetime\) -print0 \| xargs -n 200 -r -0 rm\)
# cracklib
cracklib: no dictionary update necessary\.
# ntpd peer validation
ntpd\[\d+\]: peer \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} now (valid|invalid)
===
Back in 2007, Jeremy Kindy at WFU posted a few modules, two of which work with Ubuntu: sudo usage logs and user/group reporting (imperfect; I may update it). Note: you'll get some noise about their self-signed certificate.
https://lists.dulug.duke.edu/pipermail/epylog/2007-August/000274.html
sudo mkdir /usr/local/src/epylog_kindyjd_modules
cd /usr/local/src/epylog_kindyjd_modules
sudo wget --no-check-certificate http://lists.dulug.duke.edu/pipermail/epylog/attachments/20070821/004982a6/e...
sudo tar zxvf epylog_modules.tar.gz
# sudo
sudo cp sudo_mod.py /usr/share/epylog/modules
sudo cp sudo.conf /etc/epylog/modules.d
# users
sudo cp users_mod.py /usr/share/epylog/modules
sudo cp users.conf /etc/epylog/modules.d
Edit /etc/epylog/modules.d/sudo.conf and change files to:
files = /var/log/auth.log[.#]
Edit /etc/epylog/modules.d/users.conf and change files to:
files = /var/log/auth.log[.#]
===
I've been getting a deprecation warning:
/usr/lib/pymodules/python2.6/epylog/publishers.py:268: DeprecationWarning: the MimeWriter module is deprecated; use the email package instead
  import StringIO, MimeWriter
http://osdir.com/ml/debian-bugs-dist/2010-11/msg02837.html referred to a patch available at https://fedorahosted.org/epylog/changeset/394/epylog#file8 , but that link is now invalid. To the best of my knowledge, it's a known issue and has been fixed in dev, but not in any releases. Is there any way I can get that patch?
===
Thanks for all your hard work on this, and to Seth Vidal for picking up development again!
Best regards,
Jon Peck
Owner, FluxSauce.com
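
Added example, not part of the original post or of epylog: a small checker that runs weed entries like those above over sample log lines, to confirm that only the intended noise is suppressed and that lines such as sshd failures and sudo usage survive. It assumes each weed entry is a Python regular expression searched against the log line, with literal brackets, parentheses and dots escaped; `load_weeds`, `apply_weeds` and the log lines are hypothetical and constructed.

```python
import re

# Weed entries in the style of weed_local.cf.
# Assumption: each entry is a Python regex searched against the log line.
WEEDS = r"""
# CRON session open / close for root
CRON\[\d+\]: pam_unix\(cron:session\): session (open|clos)ed for user root( by \(uid=0\))?
# ntpd peer validation
ntpd\[\d+\]: peer \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} now (valid|invalid)
# cracklib
cracklib: no dictionary update necessary\.
"""

# Constructed sample lines (not taken from a real host).
SAMPLE_LOG = """\
Nov 30 06:25:01 web1 CRON[4121]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 30 06:25:02 web1 CRON[4121]: pam_unix(cron:session): session closed for user root
Nov 30 06:31:44 web1 ntpd[812]: peer 192.0.2.10 now valid
Nov 30 06:40:12 web1 sshd[4200]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Nov 30 06:41:03 web1 sudo:   jon : TTY=pts/0 ; PWD=/home/jon ; USER=root ; COMMAND=/bin/ls
"""

def load_weeds(text):
    """Return (source, compiled) pairs, skipping blank lines and # comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append((line, re.compile(line)))
    return entries

def apply_weeds(weeds, log_text):
    """Return (lines no weed matched, hit count per weed pattern)."""
    hits = {src: 0 for src, _ in weeds}
    kept = []
    for line in log_text.splitlines():
        matched = [src for src, rx in weeds if rx.search(line)]
        for src in matched:
            hits[src] += 1
        if not matched:
            kept.append(line)
    return kept, hits

if __name__ == "__main__":
    kept, hits = apply_weeds(load_weeds(WEEDS), SAMPLE_LOG)
    print("Lines that would still be reported:", *kept, sep="\n  ")
    print("Weeds that matched nothing:", [s for s, n in hits.items() if n == 0])
```

A weed that never matches is worth checking for a missing escape: an unescaped `CRON[\d+]:` is a character class and does not match `CRON[4121]:`.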