logwatch config and overrides for SLES12

cron_logwatch_details

/usr/sbin/logwatch --service iptables --service named --service sshd --detail med --range yesterday --output mail --format html

header.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
<title>Logwatch  $Version  ( $VDate )</title>
<meta name="generator" content="Logwatch  $Version ( $VDate )">
<style type="text/css">
  h1 {color: gray; border-bottom: 3px double silver; font-family: helvetica; }
  h2 {color: white; border-bottom: 1px solid silver; font-family: helvetica; }
  h3 {color: white; border-bottom: 1px solid silver; font-family: helvetica; }
  th {background: #6D88AD; text-align: left; font-family: helvetica; font-size: 0.9em; font-weight: bold; border-width: 0px; }
  td {background: #EFEFEF; text-align: left; font-family: courier; font-size: 0.9em; border-width: 0px; }
  li { font-family: helvetica; }
  table { border: 0}
  .ref {padding-left: 1%; }
  .service {padding-left: 1%; }
  .return_link {border-top: 1px; border-bottom: 1px;
  padding: 1%; margin-top: 1%; margin-bottom: 1%; font-family: helvetica; }
  .copyright {color: black; border-top: 1px solid grey;
  border-bottom: 1px solid grey;
  padding: 1%; margin-top: 1%; margin-bottom: 1%;}
</style>
</head>
<body style="width:90%; margin-left: 5%; margin-right: 5%" bgcolor="#FFFFFF" >
<hr>
<!-- End header.html -->

logrotate.d logwatch

/var/log/logwatch/logwatch-report {
    daily
    # create 644
    nocompress
    dateext
    dateyesterday
    dateformat -%Y%m%d.txt
    maxage 365
    rotate 365
    minsize 0
    # size=+2048k
    ifempty
    missingok
    prerotate
       chmod go+r $1
    endscript
}

logwatch.conf

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)


# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = High

#Output/Format Options
#By default Logwatch will print to stdout in text with no encoding.
#To make email Default set Output = mail to save to file set Output = file
Output = file

#To make Html the default formatting Format = html
Format = text

#To make Base64 [aka uuencode] Encode = base64
Encode = none

# Default person to mail reports to.  Can be a local account or a
# complete email address.  Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
MailTo = me@mine.com next@no-one.at

# WHen using option --multiemail, it is possible to specify a different
# email recipient per host processed.  For example, to send the report
# for hostname host1 to user@example.com, use:
#Mailto_host1 = user@example.com
# Multiple recipients can be specified by separating them with a space.

# if set, the results will be saved in <filename> instead of mailed
# or displayed. Be sure to set Output = file also.
Filename =  /var/log/logwatch/logwatch-report


# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
# The default service(s) to report on.  This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog

services audit.conf

Title = "SLES Audit Log"