OshiHa.com

ConoHaでAlpine Linux 3.8

logwatch の監視項目修正

2018/09/04  2018/09/20

◆◇◆ 【衝撃価格】VPS512MBプラン!月額630円/1時間1円【ConoHa】 ◆◇◆

デフォルトの /usr を直接編集しても良いが、logwatch がアップデートされた時に上書きされて戻ってしまうので、カスタマイズ用を /etc 配下にコピーして編集する。(実行時は /etc 配下が優先される。)

1. Nginx項目の設定

設定1

alpine:~$ cat /usr/share/logwatch/default.conf/logfiles/http.conf
以下の項目が最初から追加されているので問題ない。
LogFile = nginx/*access.log
LogFile = nginx/*access.log.1
.....
Archive = nginx/*access.log.*.gz

設定2

alpine:~$ sudo cp /usr/share/logwatch/default.conf/logfiles/http-error.conf /etc/logwatch/conf/logfiles/http-error.conf
alpine:~$ sudo vi /etc/logwatch/conf/logfiles/http-error.conf
# 以下を追加
+ LogFile = nginx/*error.log
+ LogFile = nginx/*error.log.1

+ Archive = nginx/*error.log.*.gz

設定3

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/http.conf /etc/logwatch/conf/services/http.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/http.conf
# 5行目:タイトルの表示名を変更
- Title = "httpd"
+ Title = "Nginx"

設定4

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/http-error.conf /etc/logwatch/conf/services/http-error.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/http-error.conf
# 8行目:タイトルの表示名を変更
- Title = httpd errors
+ Title = Nginx errors

2. Dovecot項目の設定

logwatch の dovecot は /var/log/maillog をチェックする。
自分の dovecotサーバの設定に合わせてlogの場所を調整する。

alpine:~$ sudo cp /usr/share/logwatch/default.conf/logfiles/maillog.conf /etc/logwatch/conf/logfiles/maillog.conf
alpine:~$ sudo vi /etc/logwatch/conf/logfiles/maillog.conf
# 以下を追加
+ LogFile = dovecot/dovecot.log
.....
+ Archive = dovecot/dovecot.*

3. Disk Space の表示修正

エラー内容

------------------- Disk Space Begin -------------------

df: unrecognized option: x
BusyBox v1.28.4 (2018-08-09 19:07:42 UTC) multi-call binary.

Usage: df [-PkmhTai] [-B SIZE] [FILESYSTEM]...

Print filesystem usage statistics

       -P      POSIX output format
       -k      1024-byte blocks (default)
       -m      1M-byte blocks
       -h      Human readable (e.g. 1K 243M 2G)
       -T      Print filesystem type
       -a      Show all filesystems
       -i      Inodes
       -B SIZE Blocksize

df: unrecognized option: x
BusyBox v1.28.4 (2018-08-09 19:07:42 UTC) multi-call binary.

Usage: df [-PkmhTai] [-B SIZE] [FILESYSTEM]...

Print filesystem usage statistics

       -P      POSIX output format
       -k      1024-byte blocks (default)
       -m      1M-byte blocks
       -h      Human readable (e.g. 1K 243M 2G)
       -T      Print filesystem type
       -a      Show all filesystems
       -i      Inodes
       -B SIZE Blocksize

------------------- Disk Space End -------------------

エラー対策

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/zz-disk_space.conf /etc/logwatch/conf/services/zz-disk_space.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/zz-disk_space.conf
# 33行目
- # $df_options = "-h -l -x tmpfs"
+ $df_options = “-h”

修正後の表示

------------------- Disk Space Begin -------------------

Filesystem                Size      Used Available Use% Mounted on
devtmpfs                 10.0M         0     10.0M   0% /dev
shm                     497.0M         0    497.0M   0% /dev/shm
/dev/vda3                47.0G      1.1G     43.5G   2% /
tmpfs                    99.4M    200.0K     99.2M   0% /run
/dev/vda1                92.8M     19.1M     66.8M  22% /boot

------------------- Disk Space End -------------------

4. sendmail-largeboxes の表示修正

エラー内容

--------- sendmail-largeboxes (large mail spool files) Begin ---------

Can't find spool directory

--------- sendmail-largeboxes (large mail spool files) End ---------

エラー対策

alpine:~$ sudo mkdir /etc/logwatch/scripts/services
alpine:~$ sudo cp /usr/share/logwatch/scripts/services/sendmail-largeboxes /etc/logwatch/scripts/services/sendmail-largeboxes
alpine:~$ sudo vi /etc/logwatch/scripts/services/sendmail-largeboxes
44、45行目
- if (-e "/var/mail") {
-         $SPOOLDIR = "/var/mail";
+ if (-e "/var/spool/postfix/maildrop") {
+         $SPOOLDIR = "/var/spool/postfix/maildrop";

5. sendmail の表示修正

エラー内容

------------------- sendmail Begin -------------------

couldn't find diagnostic data in /usr/share/perl5/core_perl/pods/perldiag.pod /usr/share/logwatch/lib /usr/local/lib/perl5/site_perl /usr/local/share/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib/perl5/core_perl /usr/share/perl5/core_perl /usr/share/logwatch/scripts/services/sendmail at /usr/share/perl5/core_perl/diagnostics.pm line 259,  line 711.
Compilation failed in require at /usr/share/logwatch/scripts/services/sendmail line 217.
BEGIN failed--compilation aborted at /usr/share/logwatch/scripts/services/sendmail line 217.

---------------------- sendmail End -------------------------

エラー対策

sendmail は対象外とする。
alpine:~$ sudo vi /etc/logwatch/conf/logwatch.conf

# 85行目に追加
Service = All
+ Service = -sendmail

6. Init の Unmatched Entries を消去

エラー内容

--------------------- Init Begin ------------------------

**Unmatched Entries**
starting pid 2665, tty '': '/sbin/openrc shutdown'
starting pid 2237, tty '/dev/tty1': '/sbin/getty 38400 tty1'
starting pid 2238, tty '/dev/tty2': '/sbin/getty 38400 tty2'
starting pid 2241, tty '/dev/tty3': '/sbin/getty 38400 tty3'
starting pid 2244, tty '/dev/tty4': '/sbin/getty 38400 tty4'
starting pid 2247, tty '/dev/tty5': '/sbin/getty 38400 tty5'
starting pid 2250, tty '/dev/tty6': '/sbin/getty 38400 tty6'

---------------------- Init End -------------------------

エラー対策

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/init.conf /etc/logwatch/conf/services/init.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/init.conf
# 最終行に追加
*Remove = tty

7. Kernel Audit の Unmatched Entries を消去

エラー内容

--------------------- Kernel Audit Begin ------------------------

**Unmatched Entries**
 audit: type=2000 audit(1535807296.345:1): state=initialized audit_enabled=0 res=1
 audit: type=2000 audit(1535808439.005:1): state=initialized audit_enabled=0 res=1
 audit: type=2000 audit(1535947007.623:1): state=initialized audit_enabled=0 res=1
 audit: type=2000 audit(1535966251.518:1): state=initialized audit_enabled=0 res=1
 audit: type=2000 audit(1535966558.601:1): state=initialized audit_enabled=0 res=1
 audit: type=2000 audit(1536034076.438:1): state=initialized audit_enabled=0 res=1

---------------------- Kernel Audit End -------------------------

エラー対策

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/audit.conf /etc/logwatch/conf/services/audit.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/audit.conf
# 最終行に追加
*Remove = audit

8. MariaDB項目の追加

設定1

alpine:~$ sudo cp /usr/share/logwatch/default.conf/logfiles/mysql.conf /etc/logwatch/conf/logfiles/mysql.conf
alpine:~$ sudo vi /etc/logwatch/conf/logfiles/mysql.conf
# 以下を追加
+ LogFile = /var/log/mysql/mariadb.log
.....
+ Archive = /var/log/mysql/mariadb.log*.gz

設定2

alpine:~$ sudo cp /usr/share/logwatch/default.conf/services/mysql.conf /etc/logwatch/conf/services/mysql.conf
alpine:~$ sudo vi /etc/logwatch/conf/services/mysql.conf
# 6行目:タイトルの表示名を変更
- Title = mysqld
+ Title = MariaDB

◆◇◆ 【衝撃価格】VPS512MBプラン!月額630円/1時間1円【ConoHa】 ◆◇◆

ConoHa VPSの攻略
Alpine Linux 3.8