periodic: condensing mails
Arthur Chance
freebsd at qeng-ho.org
Wed Jun 18 07:48:20 UTC 2014
On 18/06/2014 02:35, kpneal at pobox.com wrote:
> On Tue, Jun 17, 2014 at 08:07:56PM -0400, Lowell Gilbert wrote:
>> "Littlefield, Tyler" <tyler at tysdomain.com> writes:
>>
>>> I was reading this article:
>>> http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-vs-monitoring/
>>> where it mentions this:
>>> I found turning off certain things like the “security mail” also
>>> disables portaudit DB updates. But I just changed my portaudit call to
>>> include the download.
>>> Somehow I had assumed that *update* would be separate from *report*.
>>> Is this still an issue? If so, how have people fixed it? I'm looking
>>> at condensing this (I'm dumping all failed ssh logins into a
>>> blacklist, so I don't need to know about them). I get a lot of
>>> material and sometimes it's a ton to read through.
>>
>> I'm really not clear on what you're doing exactly.
>> Maybe what you're looking for is daily_status_security_inline
>> rather than disabling specific checks?
>
> And sshd logs to syslog, so you can adjust your syslogd.conf along with
> your sshd config to send sshd's messages anywhere you want.
>
> Another useful tip is to send the output of the periodic scripts to files
> instead of emails. In my 8.2 system all I had to do was put, for example,
> 'weekly_output="/some/path"' in my /etc/periodic.conf to silence the noise
> but still have the info if I need it.
>
If you use
daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"
daily_status_security_inline="YES"
weekly_status_security_inline="YES"
in periodic.conf, it fits in with the default newsyslog.conf which
rotates the daily, weekly and monthly log files if they exist.
More information about the freebsd-questions
mailing list