Date: Wed, 18 Jun 2014 08:29:57 +0100 From: Arthur Chance <freebsd@qeng-ho.org> To: kpneal@pobox.com, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Cc: tyler@tysdomain.com Subject: Re: periodic: condensing mails Message-ID: <53A13FF5.7060908@qeng-ho.org> In-Reply-To: <20140618013550.GA32817@neutralgood.org> References: <53A09B63.50805@tysdomain.com> <447g4ff5b7.fsf@lowell-desk.lan> <20140618013550.GA32817@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18/06/2014 02:35, kpneal@pobox.com wrote: > On Tue, Jun 17, 2014 at 08:07:56PM -0400, Lowell Gilbert wrote: >> "Littlefield, Tyler" <tyler@tysdomain.com> writes: >> >>> I was reading this article: >>> http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-vs-monitoring/ >>> where it mentions this: >>> I found turning off certain things like the “security mail” also >>> disables portaudit DB updates. But I just changed my portaudit call to >>> include the download. >>> Somehow I had assumed that *update* would be separate from *report*. >>> Is this still an issue? If so, how have people fixed it? I'm looking >>> at condensing this (I'm dumping all failed ssh logins into a >>> blacklist, so I don't need to know about them). I get a lot of >>> material and sometimes it's a ton to read through. >> >> I'm really not clear on what you're doing exactly. >> Maybe what you're looking for is daily_status_security_inline >> rather than disabling specific checks? > > And sshd logs to syslog, so you can adjust your syslogd.conf along with > your sshd config to send sshd's messages anywhere you want. > > Another useful tip is to send the output of the periodic scripts to files > instead of emails. In my 8.2 system all I had to do was put, for example, > 'weekly_output="/some/path"' in my /etc/periodic.conf to silence the noise > but still have the info if I need it. > If you use daily_output="/var/log/daily.log" weekly_output="/var/log/weekly.log" monthly_output="/var/log/monthly.log" daily_status_security_inline="YES" weekly_status_security_inline="YES" in periodic.conf, it fits in with the default newsyslog.conf which rotates the daily, weekly and monthly log files if they exist.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53A13FF5.7060908>