-
Notifications
You must be signed in to change notification settings - Fork 0
/
brainstorming.txt
86 lines (69 loc) · 4.9 KB
/
brainstorming.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
Debug Running
*************
- For Debian
- For devel link the files into logwatch configuration directory
cd /etc/logwatch/scripts/services; sudo ln -s <git_basedir>/scripts/drupal
cd /etc/logwatch/conf/logfiles; sudo ln -s <git_basedir>/conf/logfiles/drupal
cd /etc/logwatch/conf/services -s <git_basedir>/conf/services/drupal
- Run logwatch
clear && logwatch --service drupal --range All --logdir ../logs/ --debug high --filename drupal-logwatch.txt
Logwatch
********
- Take an often used file as base, like ssh or dpkg
Log-Format
==========
Specify the format of the syslog entry. Available variables are:
!base_url
Base URL of the site.
!timestamp
Unix timestamp of the log entry.
!type
The category to which this message belongs.
!ip
IP address of the user triggering the message.
!request_uri
The requested URI.
!referer
HTTP Referer if available.
!uid
User ID.
!link
A link to associate with the message.
!message
The message to store in the log.
Process Logs
============
Prefix will be removed by RemoveService entfernt (I think so):
"Apr 28 17:42:38 vmweb drupal: "
http://website.org:8080|\d+|system|10.0.2.2|http://website.org:8080/admin/modules/list/confirm?render=overlay|http://website.org:8080/admin/modules?render=overlay|1||syslog module installed.
http://website.org:8080|\d+|system|10.0.2.2|http://website.org:8080/admin/modules/list/confirm?render=overlay|http://website.org:8080/admin/modules?render=overlay|1||syslog module enabled.
http://website.org:8080|\d+|system|10.0.2.2|http://website.org:8080/admin/modules/list/confirm?render=overlay|http://website.org:8080/admin/modules?render=overlay|1||dblog module disabled.
--> List as found in dpkg; OK NOT TESTED YET
http://website.org:8080|\d+|php|10.0.2.2|http://website.org:8080/admin/modules/list/confirm?render=overlay|http://website.org:8080/admin/modules?render=overlay|3||Warning: Invalid argument supplied for foreach() in element_children() (line 6046 of /home/drupal/drupal7/includes/common.inc).
https://website.org:8443|\d+|php|10.0.2.2|https://website.org:8443/en/admin/structure/views/view/calendar/edit/calendar_1/ajax|https://website.org:8443/en/admin/structure/views/view/calendar/edit/calendar_1|3||Notice: Undefined property: date_views_argument_handler_simple::$argument in calendar_plugin_style->query() (line 129 of /home/drupal/drupal7/sites/all/modules/calendar/includes/calendar_plugin_style.inc).
https://website.org:8443|\d+|php|10.0.2.2|https://website.org:8443/en/admin/structure/views/view/calendar/edit/calendar_1/ajax|https://website.org:8443/en/admin/structure/views/view/calendar/edit/calendar_1|3||Notice: Undefined property: date_views_argument_handler_simple::$min_date in calendar_plugin_style->query() (line 131 of /home/drupal/drupal7/sites/all/modules/calendar/includes/calendar_plugin_style.inc).
--> List of PHP messages as found in dpkg; OK NOT TESTED YET
https://website.org:8443|\d+|content|10.0.2.2|https://website.org:8443/en/node/add/page|https://website.org:8443/en/node/add/page|3|view|page: added Folgen.
http://website.org:8080|\d+|content|10.0.2.2|http://website.org:8080/node/1/edit|http://website.org:8080/node/1/edit|2|view|page: updated Impressum.
https://website.org:8443|\d+|content|10.0.2.2|https://website.org:8443/en/node/10/revisions/11/delete|https://website.org:8443/en/node/10/revisions/11/delete|3||image_container: deleted User Pictures revision 11.
https://website.org:8443|\d+|content|10.0.2.2|https://website.org:8443/en/node/32/delete|https://website.org:8443/en/node/32/delete|3||page: deleted Folgen.
https://website.org:8443|\d+|content|10.0.2.2|https://website.org:8443/en/admin/content|https://website.org:8443/en/admin/content|3||Deleted 13 posts.
--> List (by action) as found in dpkg; OK NOT TESTED YET
Everything else
--> Unmatched List as in dpkg; OK NOT TESTED YET
http://website.org:8080|\d+|user|10.0.2.2|http://website.org:8080/user|http://website.org:8080/user|3||Session opened for supeuser.
http://website.org:8080|\d+|user|10.0.2.2|http://website.org:8080/user/logout|http://website.org:8080/|1||Session closed for sroot.
--> Count login/logout as done with ssh
http://website.org:8080|\d+|cron|10.0.2.2|http://website.org:8080/||0||Cron run completed.
http://default/home/drupal/drupal7/scripts|\d+|cron|127.0.0.1|http://default/cron.php||0||Cron run completed.
--> Count as done with ssh
http://website.org:8080|\d+|page not found|10.0.2.2|http://website.org:8080/node/5000||1||node/5000
http://website.org:8080|\d+|access denied|10.0.2.2|http://website.org:8080/user/1||0||user/1
--> Count as done with ssh
Users logging in through sshd:
sd2k9:
12.3.145.167 (url.net): 1 time
https://website.org:8443|\d+|i18n_string|10.0.2.2|https://website.org:8443/en/batch?id=20&op=do|https://website.org:8443/en/batch?op=start&id=20|3||Updated string node:type:event:name for textgroup node: Map Event
--> List (by action) as found in dpkg; do for everything else
Upgraded:
libtiff4 3.9.4-5+squeeze7 => 3.9.4-5+squeeze8