periodic: condensing mails
freebsd at qeng-ho.org
Wed Jun 18 07:48:20 UTC 2014
On 18/06/2014 02:35, kpneal at pobox.com wrote:
> On Tue, Jun 17, 2014 at 08:07:56PM -0400, Lowell Gilbert wrote:
>> "Littlefield, Tyler" <tyler at tysdomain.com> writes:
>>> I was reading this article:
>>> where it mentions this:
>>> I found turning off certain things like the “security mail” also
>>> disables portaudit DB updates. But I just changed my portaudit call to
>>> include the download.
>>> Somehow I had assumed that *update* would be separate from *report*.
>>> Is this still an issue? If so, how have people fixed it? I'm looking
>>> at condensing this (I'm dumping all failed ssh logins into a
>>> blacklist, so I don't need to know about them). I get a lot of
>>> material and sometimes it's a ton to read through.
>> I'm really not clear on what you're doing exactly.
>> Maybe what you're looking for is daily_status_security_inline
>> rather than disabling specific checks?
> And sshd logs to syslog, so you can adjust your syslogd.conf along with
> your sshd config to send sshd's messages anywhere you want.
> Another useful tip is to send the output of the periodic scripts to files
> instead of emails. In my 8.2 system all I had to do was put, for example,
> 'weekly_output="/some/path"' in my /etc/periodic.conf to silence the noise
> but still have the info if I need it.
If you use
in periodic.conf, it fits in with the default newsyslog.conf which
rotates the daily, weekly and monthly log files if they exist.
More information about the freebsd-questions