logrotate cron awstats apache

vim /etc/logrotate.d/rsyslog

vim /etc/logrotate.conf

/etc/cron.daily/awstats

#!/bin/sh
/usr/share/awstats/tools/update.sh && /usr/share/awstats/tools/buildstatic.sh

/etc/logrotate.d/apache2

/var/log/apache2/*.log {
    weekly    
    missingok
    rotate 1
    compress
    delaycompress
    notifempty
    create 640 root adm 
    sharedscripts
Tags
analytics

logcheck

  1. ai logcheck syslog-summary
  2. rm /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

vim /etc/logcheck/logcheck.conf

SYSLOGSUMMARY=1
ATTACKSUBJECT="Security Alerts"
SECURITYSUBJECT="Security Events"
EVENTSSUBJECT="System Events"
Tags
analytics

journalctl

/etc/systemd/journald.conf

Storage=auto
SystemMaxUse=1G
MaxRetentionSec=1week
ForwardToSyslog=no
  1. sc-restart systemd-journald
  2. du -sch /var/log/journal
  3. sc-failed
  4. omz plugin info systemd
  5. journalctl -p err -b
     
Tags
analytics

netdata

  1. https://serverfault.com/questions/899364/netdata-ipv4-udp-errors
  2. ai netdata
  3. echo "[global]" > /var/lib/netdata/cloud.d/cloud.conf
    echo "enabled = no" >> /var/lib/netdata/cloud.d/cloud.conf
  4. chown netdata:netdata /var/lib/netdata/cloud.d/cloud.conf
Tags
analytics

goaccess

  1. https://www.digitalocean.com/community/tutorials/how-to-install-and-use-goaccess-web-log-analyzer-on-ubuntu-20-04
  2. https://kifarunix.com/install-goaccess-on-ubuntu-18-04-debian-10-buster/
  3. ai fonts-font-awesome goaccess
  4. ln -s /usr/share/fonts-font-awesome/fonts/
  5. l /var/www/goaccess
  6. htpasswd

/etc/goacc

Tags
analytics

logwatch

  1. zless /usr/share/doc/logwatch/HOWTO-Customize-LogWatch.gz
  2. vim /usr/share/logwatch/default.conf/logwatch.conf
    • Detail = Med
  3. logwatch --service http --range today
  4. vim /etc/cron.daily/00logwatch
    • /usr/sbin/logwatch --mailto root

vim ~/.forward

srvlog@DOM.TLD 
 

Tags
analytics

awstats

  1. https://tecadmin.net/install-awstats-apache-log-analyzer-on-ubuntu/
  2. cp /usr/share/doc/awstats/examples/apache.conf /etc/apache2/conf-available/awstats.conf
  3. a2enconf awstats
  4. a2enmod cgi remoteip
  5. mkdir /var/lib/awstats/DOMAIN 
  6. chmod go+w /var/lib/awstats/DOMAIN
  7. vim /etc/awstats/awstats.DOMAIN.conf
  8. /etc/cron.daily/awstats

/etc/awstats/awstats.DOM.TLD.conf

Include "/etc/awstats/awstats.conf"
Sit
Tags
analytics

log viewer

  1. tail -f
  2. t
  3. systemctl --failed
  4. journalctl https://wiki.ubuntuusers.de/systemd/journalctl/
  5. colortail https://manpages.debian.org/bullseye/colortail/colortail.1.en.html
  6. multitail https://www.vanheusden.com/multitail/
  7. awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn
     
Tags
analytics

icinga

  1. https://www.howtoforge.com/how-to-install-icinga-2-monitoring-software-on-debian-12/ 
  2. ai -y wget curl nano software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release debian-archive-keyring ufw unzip
  3. ai -y mariadb-server
  4. mariadb-secure-installation
  5. ai -y icinga2 monitoring-plugins
  6. ai -y icinga2-ido-mysql
  7. vim /etc/icinga2/features-available/ido-mysql.conf
  8. icinga2 feature list
Tags
analytics

fail2ban status script

#!/bin/sh

list=$(fail2ban-client status | grep list | cut -d ":" -f2 | tr -d ',')

for i in $list; do
    fail2ban-client status $i
done

Tags
analytics

pflogsum

crontab -e

59 23 * * *    /usr/sbin/pflogsumm -d today /var/log/mail.log | mail -s "pflogsum daily Report `date`" log@DOM.TLD
0 1 * * mon    /usr/sbin/pflogsumm /var/log/mail.log.1 | mail -s "pflogsum weekly Report `date`" log@DOM.TLD

Tags
MailServer
analytics

nginx netdata

server {
    server_name    netdata.TLD;

    add_header Strict-Transport-Security "max-age=7200";

Tags
nginx
analytics

fail2ban statistics

  1. ai mailutils
  2. https://www.abuseipdb.com/ 
  3. https://www.liveipmap.com/ 

/etc/cron.monthly/f2b-stat

#!/bin/sh

Tags
analytics
security
firewall

logging

  1. ai rsyslog
  2. timedatectl
  3. timedatectl set-timezone Europe/Vienna
Tags
analytics

logrotate cron goaccess nginx

/etc/cron.daily/goaccess

#!/bin/sh
goaccess

chmod +x /etc/cron.daily/goaccess

Tags
analytics