0

Hi if you have a handful of servers around each with LogWatch installed and generating a daily summary mail for you, how do you retrieve these mails?

At the moment I only have Dovecot installed on one of the boxes, from which I can download via Outlook the daily LogWatch mail. However, I'm not doing the same for the rest of my servers.

Am interested in how the rest of you manage this. I'm also setting up a mail server using Zimbra. Is there a way for all these servers to forward these mails to one single account? What do I need to setup or install? Thanks.

user192702
  • 921
  • 4
  • 15
  • 22

1 Answers1

1

Use a Central Email Account

I recommend you use a centralized, dedicated email account for the notices from all of your servers and configure your servers to forward root emails to this account.

Since servers can generate a lot of email when there are issues, I recommend a dedicated account and not mix it with some other email account.

Also, note that the email may not be 100% secure in transit, so review the contents of the email and see if there's anything sensitive being sent.

Forward Root The easiest way to do this is just update the email alias for root on each server to go to your email. This way you will get cron notices and other systems notices.

Logwatch Only

If you just want to forward logwatch emails, then you can update logwatch's configuration file.

Check the cron job entry (usually in /etc/crond.daily/) and see where the configuration file lives. You can then update this config file with your email.

Centralized Logging

Note that as the number of systems grow, email will become unmanageable. You can then look into centralized logging (nr-syslog and others) as well as IDS/NIDS systems with centralized monitoring capabilities.

jeffatrackaid
  • 4,112
  • 18
  • 22
  • Thanks. I don't know how my LogWatch is scheduled as I don't see anything in the crontab (I have only one file named root under /var/spool/cron/ and it doesn't have anything for LogWatch). For mail re-direction, I've already done that on the one box I was referring to via /etc/aliases but am wondering if there are any fancier ways to do this. There should be because if I set on each box to redirect mails from root to say root@mydomain.com, they each will look up my domain's MX records and send mails to the Internet before being redirected back in to my internal mail server. – user192702 Jan 03 '14 at 06:00
  • I need to further clarify the statement "if I set on each box to redirect mails from root to say root@mydomain.com, they each will look up my domain's MX records and send mails to the Internet before being redirected back in to my internal mail server." The reason this happens because the MX records have my mail server's public IP. So I think sendmail will establish connection to my internal mail server using this public IP rather than the internal IP. I guess I can put the mail server's internal IP into the /etc/hosts file of each of these boxes. But is that the proper way? – user192702 Jan 03 '14 at 07:11