Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

System errors being emailed to root

Status
Not open for further replies.

GigaG

Technical User
Aug 28, 2007
83
US
How would I set up my Ubuntu server to send emails to me instead of root for errors such as privledge access attempts? I'm sure there are different areas for different things, but this one I cannot find... The error is emailed to root (which does not exist so it bounces back)....

ri-Cinet01 : Mar 9 12:25:58 : diannacone : user NOT in sudoers ; TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/apt-get update

How do I send these emails to a different address?

I am using Postfix and have already set up the aliases and sender_canonical to reflect what I need and as far as php to postfix, it works fine with my Exchange box, what else do I need to change? I'm sure it's within a script of somesort, but i am at a loss as to where it is.

Thank you.


MCP ACA-I CTP
 
I don't run Ubuntu, but it probably is using the syslog facility. You have to figure out which facility and what level it is using, and the configuration is in /etc/syslog.conf to get just the ones you want.

eugene
 
Ok... yes it is syslog, which I kinda already figured from browsing the logs, but now where do i define where it sends the emails??

MCP ACA-I CTP
 
Another non-ubuntu user here, but if the system logs are being mailed, it's probably happening in a cron job (daily, I would suspect).
 
One entry should be "root" on the right, that
is who it sends mail.

So you can just change that there, restart syslogd.
eugene


 
I tried that and it still sends it to root

I went to the cron.daily sysklog... is this correct?

MCP ACA-I CTP
 
smah was right. look for logwatch.conf, that appears to configure a daily job that sends stuff seen in logfiles to the hardcoded root and it appears to be from Logwatch.

It should be expanded by aliases anyway, no?

eugene

 
Just set up a mail alias to that all mail to "root" gets sent to you. It's real easy if you use webmin to go in and edit the aliases.

If you are using postfix to do your mail you can edit /etc/postfix/aliases. Point 'root' at whoever you want to get that mail - it's down toward the bottom of the file, then restart postfix (service postfix restart) in my case (Mandrake).

If you don't restart postfix the changes you made to aliases do not get converted into 'aliases.db' which is the file postfix uses to process them.
 
... or just create a .forward file in root's home directory containing your email address?

Annihilannic.
 
donb01 has the easiest solution. You should have a root alias anyway. I always forget to check root's mail.

lol



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg
 
Thank you for all the responses... Here is where I am at... I don't have an alias file in the spot that donb01 mentioned... it is out in the /etc folder all by itself. The file looked like this when it wasn't forwarding


# See man 5 aliases for format
postmaster: root
# Added by installer for initial user
root: gcoleman


gcoleman is the one I want to reroute to. There is however a file in postfix called sender_canonical that also looks like so:


root gcoleman@carouselindustries.com
gcoleman gcoleman@carouselindustries.com
gcoleman@carouselindustries.com


Whicj one should I use? The canonical file did have the incorrect email for gcoleman (it had a 2 instead of @) and I changed that, but other than that... is there anything else I should be doing? should the alias file be the full email address instead of just gcoleman??

Thanks


MCP ACA-I CTP
 
Unless they changed the requirements in a version of postfix later than the one I have, you shouldn't have to put in the full E-Mail address if the target is on the same box as the server is on - but it might be a better way of doing it if you host multiple domains, etc.

The problem with multiple distros of linux is that some times the files can be in slightly different locations. In one distro you find an app under /usr/appname and in anonther it's under /usr/local/appname. Usually if you have a filename you can say 'locate filename' to find it (you probably did).

Normally there are a LOT more things in the alias file.... abuse, sales, info, etc unless those are real logins on the system. Your server needs to accept at least mail to postmaster and abuse (no matter who they are routed to) to stay off certain radar screens.

Question is - after you changed the spelling error (and restarted postfix) did it fix the problem?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top