Home / server / Questions / 392878
In Process
Gareth
Asked: 2012-05-27 01:11:24 +0800 CST

How should I setup email log notifications on Debian server

  • 772

I've built lots of Debian servers. They hardly ever fail but when they do I've never had a good enough logging system. So I told myself this time would be different.

I've got Apache2 and MySQL happy and working with Name Based Virtual Hosting.

I've got etckeeper and mysqlbackup and an S3 backup script.

I've got my SSL certs locked down and I've just installed Exim4.

Now comes the 2000 emails from Logcheck from five days of having no mail transport.

And now apparently I need to write a whole bunch of custom rules for Logwatch:

Wait what...

Are you for real?: http://logcheck.org/docs/README.logcheck-database

Apr  6 19:30:24 oempc wwwoffled[11763]: WWWOFFLE Online.
Apr  6 19:31:54 oempc wwwoffled[11763]: WWWOFFLE Offline.

...then the local ignore pattern you need is something like this:

^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$

I just want to be a good little sysadmin and get emails I'm going to actually read about you'know, things that matter.

How do I just get Logwatch to send me "MySQL ran out of memory" or "Apache exploded" rather than 50 pages of this every hour?:

This email is sent by logcheck. If you no longer wish to receive
such mail, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).

    System Events
    =-=-=-=-=-=-=
    May 26 18:02:22 Debian6-VPS kernel:

**BAZZILION LINES OF NETWORK INFORMATION THAT I DON'T CARE ABOUT**

P.S. There's nothing in /etc/logcheck/logcheck.conf AHAHAHAHAHAHAHAHA Sigh.

linux logging debian logwatch

1 Answers

  1. If you want a quick to setup solution for monitoring mysqld processes, disk usage, Apache2 and resource usage I would suggest to use monit with an external google smtp service configured in /etc/monit.conf like so;

    set daemon  60
set mailserver smtp.googlemail.com port 587
    username "Rabbi" password "Loew"

set alert [email protected] but not on { instance } with reminder on 15 cycles 

#grab some service scripts
include /etc/monit.d/*

set httpd port 2812
        allow 127.0.0.1

    I have the following in /etc/monit.d/filesystem.conf

    check device rootfs with path /
    if changed fsflags then alert
    if space usage > 90% for 5 times within 15 cycles
      then alert else if passed for 10 cycles then alert
    if space usage > 95% then alert
    if inode usage > 90 % then alert

    and something like this to alert of resource usages as appropriate in /etc/monit.d/system.conf;

    check system localhost
    if loadavg (1min) > 10 for 10 cycles  then alert
    if loadavg (5min) > 60  for 10 cycles then alert
    if memory usage > 90% for 8 cycles   then alert
    if swap usage > 20% then alert
    if cpu usage (user) > 90% then alert
    if cpu usage (system) > 75% then alert
    if cpu usage (wait) > 75% then alert

    I've also started a github project called monit-shared which aims to capture a few starter configurations for common services (sendmail, dovecot, mysql) etc.

    You can generally just checkout which ones are applicable into /etc/monit.d, such as httpd.conf and they should do the kind of basic checks you mention automatically, and notify using your external email service.

    • 2