Ola a todos, estou tendo dificuldades de configurar corretamente o logcheck. O que eu quero que o logcheck faça, é que quando eu tenha algum problema no pc, ele me envie um email. Sempre que eu rodo o /usr/sbin/logcheck, ele me envia um email do tipo:
Warning: If you are seeing this message, your log files may not have been checked! Details: Gave up no Logfile exist or we do not have permissions to read it Check temporary directory: /tmp/logcheck.GPagGb declare -x COLORTERM="" declare -x CPLUS_INCLUDE_PATH="/usr/lib/qt/include:/usr/lib/qt/include" declare -x DESKTOP_SESSION="default" declare -x DISPLAY=":0.0" declare -x DM_CONTROL="/var/run/xdmctl" .... Bom, quando eu vou no /tmp, o arquivo logcheck.GPagGb nao existe. Segundo, eu gostaria que ele me mande uma mensagem dizendo algo com "o seu computador foi desligado de maneira errada" etc..(não levem ao pé da letra a mensagem ). Abaixo estou postando os meus conf do logcheck e do syslog.conf. Agradeço pela atenção.. logcheck.conf cat logcheck.conf # The following variable settings are the initial default values, # which can be uncommented and modified to alter logcheck's behaviour # Controls the format of date-/time-stamps in subject lines: # Alternatively, set the format to suit your locale #DATE="$(date +'%Y-%m-%d %H:%M')" # # Controls the presence of boilerplate at the top of each message: # Alternatively, set to "0" to disable the introduction. # # If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt # are present their contents will be read and used as the header and # footer of any generated mails. # #INTRO=1 # Controls the level of filtering: # Can be Set to "workstation", "server" or "paranoid" for different # levels of filtering. Defaults to server if not set. REPORTLEVEL="server" # Controls the address mail goes to: # *NOTE* the script does not set a default value for this variable! # Should be set to an offsite "[EMAIL PROTECTED]" SENDMAILTO="[EMAIL PROTECTED]" # Should the hostname in the subject of generated mails be fully qualified? FQDN=1 # Controls whether "sort -u" is used on log entries (which will # eliminate duplicates but destroy the original ordering); the # default is to use "sort -k 1,3 -s": # Alternatively, set to "1" to enable unique sorting #SORTUNIQ=0 # Controls whether /etc/logcheck/cracking.ignore.d is scanned for # exceptions to the rules in /etc/logcheck/cracking.d: # Alternatively, set to "1" to enable cracking.ignore support #SUPPORT_CRACKING_IGNORE=0 # Controls the base directory for rules file location # This must be an absolute path #RULEDIR="/etc/logcheck" # Controls if syslog-summary is run over each section. # Alternatively, set to "1" to enable extra summary. #SYSLOGSUMMARY=0 # Controls Subject: lines on logcheck reports: #ATTACKSUBJECT="Attack Alerts" #SECURITYSUBJECT="Security Events" #EVENTSSUBJECT="System Events" # Controls [logcheck] prefix on Subject: lines # ADDTAG="no" syslog.conf cat /etc/syslog.conf #registra todas mensagens de erro e notificacoes importantes em /var/log/messages *.warning;*.err;*.crit;*.alert /var/log/messages authpriv.* /var/log/messages #escreve em terminais quando a situacao é realmente grave kern.crit,daemon.crit /dev/console kern.crit,daemon.crit /root *.emerg * #separa outros arquivos.log para se tornar mais fácil a leitura # Private authentication message logging: authpriv.* -/var/log/secure # Cron related logs: cron.* -/var/log/cron # daemon related logs: daemon.* /var/log/daemon.log #kern related logs: kern.* /var/log/kern.log # ftp related logs: ftp* /var/log/ftp.log #authopriv related logs: authopriv.* /var/log/authopriv.log # Mail related logs: mail.* -/var/log/maillog # This log is for news and uucp errors: uucp,news.crit -/var/log/spooler -- []'s...Renato Linux User 430091 www.renator.wordpress.com --~--~---------~--~----~------------~-------~--~----~ GUS-BR - Grupo de Usuários de Slackware - BR http://www.slackwarebrasil.org/ http://groups.google.com/group/slack-users-br -~----------~----~----~----~------~----~------~--~---
