I got the solution from perl forum, click on this link for the help I had
This is the documentated perl script for wtmp logs parsed for logwatch monitoring:
Code:
1. Download the logwatch tar file from the internet. The latest running version is logwatch-7.4.0
2. Look here for the version-------------http://sourceforge.net/projects/logwatch/files/
3. Look here for developer details---http://logwatch.isoc.lu/tabs/docs/index.html
4. Download and store the tarball into your /tmp directory
5. Unzip, untar and cd into the folder
gunzip logwatch-7.4.0.tar.gz
untar -xvf logwatch-7.4.0.tar
cd logwatch-7.4.0
6. Create these directories and soft links:
mkdir /etc/logwatch
mkdir /etc/logwatch/scripts
mkdir /etc/logwatch/conf
mkdir /etc/logwatch/conf/logfiles
mkdir /etc/logwatch/conf/services
touch /etc/logwatch/conf/logwatch.conf
touch /etc/logwatch/conf/ignore.conf
touch /etc/logwatch/conf/override.conf
mkdir /usr/share/logwatch
mkdir /usr/share/logwatch/dist.conf
mkdir /usr/share/logwatch/dist.conf/logfiles
mkdir /usr/share/logwatch/dist.conf/services
mv conf/ /usr/share/logwatch/default.conf
mv scripts/ /usr/share/logwatch/scripts
mv lib /usr/share/logwatch/lib
mkdir /var/cache/logwatch
ln -s /usr/share/logwatch/scripts/logwatch.pl /etc/cron.daily/0logwatch
ln -s /usr/share/logwatch/scripts/logwatch.pl /usr/sbin/logwatch
7. Backup and edit the config file accordingly
/usr/share/logwatch/default.conf/logwatch.conf
##to edit html format, edit these lines in the config file stated above
#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
#Output = stdout
Output = mail
#To make Html the default formatting Format = html
Format = html
##to edit the email recipients, edit this line, separate multiple recipients with space
# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = Priti.Patel@xxx.com.my onepatel@xxx.com
8. to add wtmp logs into monitoring you need to define 3 things:
8.1 /usr/share/logwatch/scripts/services >>> this is where the script/work will be done
my-mnag0:/etc/logwatch/conf/logfiles # more /usr/share/logwatch/scripts/services/my-report
#!/usr/bin/perl
@type = (
"Empty", "Run Lvl", "Boot", "New Time", "Old Time", "Init",
"Login", "Normal", "Term", "Account"
);
$recs = "";
while (<>) {
$recs .= $_;
}
foreach ( split( /(.{384})/s, $recs ) ) {
next if length($_) == 0 ;
my ( $type, $pid, $line, $inittab, $user, $host, $t1, $t2, $t3, $t4, $t5 ) =
$_ =~ /(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;
if ( defined $line && $line =~ /\w/ ) {
$line =~ s/\
x00+//g;
$host =~ s/\x00+//g;
$user =~ s/\x00+//g;
printf(
"%s %-8s %-12s %10s %-45s \n",
scalar( gmtime( unpack( "I4", $t3 ) ) ),
$type[
unpack( "
I4", $type )
],
$user,
$line,
$host
);
}
}
printf "\n"
8.2 /usr/share/logwatch/default.conf/services >>> this is where you define the services/config options of your script above
my-mnag0:/etc/logwatch/conf/logfiles # more /usr/share/logwatch/default.conf/services/my-report.conf
Title = "WTMP logs"
Logfile = wtmp
8.3 /etc/logwatch/conf/logfiles >>> this is where the log files will be parsed
my-mnag0:/etc/logwatch/conf/logfiles # more /etc/logwatch/conf/logfiles/wtmp.conf
#Define log file group for wtmp log
Logfile = /var/log/wtmp
The reason the wtmp and wtmp.conf is in red is because both names must be same. different names will call different logs/generate error
You can close this thread now...
Last edited by hedkandi; 12-02-2011 at 12:10 AM..
Reason: edited email addresses
These 2 Users Gave Thanks to hedkandi For This Post:
I know I can use the who and finger commands to see what users are currently logged in.
Is there a log to show when a user last logged in & out?
Or a way to see users that logged in & out on a specific date?
Thanks. (2 Replies)
Hey everyone,
I am trying to get a 2GB patch cluster FTP'd to a solaris 10 server. I have tried logging in via ftp, and both with root as well as my personal account, I get "Login Incorrect." I have verified that I can log in using telnet.
-bash-3.00$ netstat -a |grep ftp
*.ftp ... (10 Replies)
Hi guys,
I have just installed Solaris 10 x86. My system boots into graphical login by default, I want to have text login only, where can I change that. I tried to use the linux and bsd concept of editing /etc/inittab, and change the default value to 3, but that doesn't work in Solaris. Please... (6 Replies)
Dear all,
cannot login to a HP unix server using root as well as other logins.
Even root also cannot enter. It seems that they have changed some permissions in /
Any way of recovering the system or getting logged in .
Thanks in advance
Rj (8 Replies)
i vi .profile Set DATE `date +%m%d%Y%H%M`, but after logout/login, echo $DATE, it shows: Fri Mar 23 15:01:53 EDT 2012, i want to show: 032320121501
please ignore.
vi /etc/profile, and export DATE=`date +%m%d%Y%H%M`, worked fine now. (0 Replies)
Discussion started by: lawsongeek
0 Replies
6. Forum Support Area for Unregistered Users & Account Problems
Hi,
This is user : matrixmadhan. Am unable to login despite repeated attempts. I tried recovering via forgot password, but neither of the email ids I gave isnt being recognized.
Is there a way I could get some help?
Thanks,
-matrixmadhan (4 Replies)
Hi,
While running my ksh file, I require the logs to be written to another file. For this I use the below code:
write_log()
{
echo `date +"%d %h, %Y %H:%M:%S"` " : " $* >> ${LOG_FILE}
}
But inside my ksh file, am connecting to sftp server and executing some commands.
So while i see... (8 Replies)
Hi people
I have a bash script with a line like this:
python example.py >> log &
But i can't see anything in the log file while python program is running only if the program ends seems to write the log file.
"$ cat log" for example don't show anything until the program ends.
Is there... (4 Replies)
This is Solaris 10 and sorce+destination are non root user. Somehow it is broke and I am not able to fix it. Already checked permissions on both servers and authorized_keys entry of destination is same as id_rsa.pub of source server. I can not regenerate keys on source server because I do not know,... (0 Replies)
I have the below script, but when i execute it is still printing to screen is there a way i can stop this and just print everything to the log file. Thank you.
#!/bin/bash
exec > >(tee "/var/log/ScriptLogs/called_from_incrontab.log") 2>&1
DIR="$1"
FILE="$2"
echo "STEP 1: Datafile... (5 Replies)
11-30-2011
