From owner-freebsd-questions@FreeBSD.ORG Wed Jun 18 07:48:20 2014
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by hub.freebsd.org (Postfix) with ESMTPS id 065713EF
    for ; Wed, 18 Jun 2014 07:48:20 +0000 (UTC)
Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    by mx1.freebsd.org (Postfix) with ESMTPS id 927A322C5
    for ; Wed, 18 Jun 2014 07:48:19 +0000 (UTC)
Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1])
    by fileserver.home.qeng-ho.org (8.14.7/8.14.5) with ESMTP id s5I7TvVg094924;
    Wed, 18 Jun 2014 08:29:58 +0100 (BST)
    (envelope-from freebsd@qeng-ho.org)
Message-ID: <53A13FF5.7060908@qeng-ho.org>
Date: Wed, 18 Jun 2014 08:29:57 +0100
From: Arthur Chance
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: kpneal@pobox.com, "freebsd-questions@freebsd.org"
Subject: Re: periodic: condensing mails
References: <53A09B63.50805@tysdomain.com> <447g4ff5b7.fsf@lowell-desk.lan>
    <20140618013550.GA32817@neutralgood.org>
In-Reply-To: <20140618013550.GA32817@neutralgood.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Cc: tyler@tysdomain.com
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 Jun 2014 07:48:20 -0000

On 18/06/2014 02:35, kpneal@pobox.com wrote:
> On Tue, Jun 17, 2014 at 08:07:56PM -0400, Lowell Gilbert wrote:
>> "Littlefield, Tyler" writes:
>>
>>> I was reading this article:
>>> http://deranfangvomende.wordpress.com/2014/05/11/freebsd-periodic-mails-vs-monitoring/
>>> where it mentions this:
>>> I found turning off certain things like the “security mail” also
>>> disables portaudit DB updates. But I just changed my portaudit call to
>>> include the download.
>>> Somehow I had assumed that *update* would be separate from *report*.
>>> Is this still an issue? If so, how have people fixed it? I'm looking
>>> at condensing this (I'm dumping all failed ssh logins into a
>>> blacklist, so I don't need to know about them). I get a lot of
>>> material and sometimes it's a ton to read through.
>>
>> I'm really not clear on what you're doing exactly.
>> Maybe what you're looking for is daily_status_security_inline
>> rather than disabling specific checks?
>
> And sshd logs to syslog, so you can adjust your syslogd.conf along with
> your sshd config to send sshd's messages anywhere you want.
>
> Another useful tip is to send the output of the periodic scripts to files
> instead of emails. In my 8.2 system all I had to do was put, for example,
> 'weekly_output="/some/path"' in my /etc/periodic.conf to silence the noise
> but still have the info if I need it.
>

If you use

    daily_output="/var/log/daily.log"
    weekly_output="/var/log/weekly.log"
    monthly_output="/var/log/monthly.log"
    daily_status_security_inline="YES"
    weekly_status_security_inline="YES"

in periodic.conf, it fits in with the default newsyslog.conf which
rotates the daily, weekly and monthly log files if they exist.
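
Added example, not part of the original message and not FreeBSD's own code: a small sh check that every periodic report sent to a file by the settings above is actually covered by a newsyslog.conf entry, so the security output kept on disk does not grow unrotated. The function names, the temporary files and the sample newsyslog.conf lines are constructed for illustration; on a real system, pass /etc/periodic.conf and /etc/newsyslog.conf to check_periodic.

```shell
#!/bin/sh
# Added example: cross-check periodic.conf output files against newsyslog.conf.
# Function names and sample data are constructed, not taken from FreeBSD.

# conf_value FILE VAR: print the value assigned to VAR in FILE (last one wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# rotated FILE PATH: succeed if PATH is the logfile field of an active entry.
rotated() {
    awk -v p="$2" '$1 == p { found = 1 } END { exit !found }' "$1"
}

# check_periodic PERIODIC_CONF NEWSYSLOG_CONF: one status line per period.
# Per periodic.conf(5), an absolute path is a log file; anything else is mailed.
check_periodic() {
    for period in daily weekly monthly; do
        out=$(conf_value "$1" "${period}_output")
        inline=$(conf_value "$1" "${period}_status_security_inline")
        case $out in
            /*) if rotated "$2" "$out"; then state=rotated; else state=unrotated; fi ;;
            "") state=unset ;;   # falls back to /etc/defaults/periodic.conf
            *)  state=mail ;;
        esac
        echo "$period output=${out:-default} $state security_inline=${inline:-unset}"
    done
}

# demo: the settings from the message, against constructed newsyslog.conf lines
# in which the monthly entry has been commented out to show the failure case.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/periodic.conf" <<'EOF'
daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"
daily_status_security_inline="YES"
weekly_status_security_inline="YES"
EOF
    cat > "$d/newsyslog.conf" <<'EOF'
/var/log/daily.log    640  7  *  @T00   JN
/var/log/weekly.log   640  5  *  $W6D0  JN
#/var/log/monthly.log 640 12  *  $M1D0  JN
EOF
    check_periodic "$d/periodic.conf" "$d/newsyslog.conf"
    rm -rf "$d"
}
demo
```

A period reported as "unrotated" is being written to a file that nothing trims; one reported as "mail" or "unset" is not going to a file at all.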