SrvReport - Automatic Server Reporting System

Introduction

SrvReport is a simple and featurefull server monitoring and reporting system. It can send every day a mail with the latest state of the server including:

  • Network traffic report (including graph per hour)
  • Network traffic via 'iptables'
  • Web-server traffic and vhost report
  • CPU usage report (including dayly graph per quater)
  • Xfer-logs (ftp)
  • Analyse of postfix/sendmail mail-log (to, from, size)
  • Analyse of qpopper checks (username, # of checks, time)
  • Last authenticated users
  • Report of server warnings
  • System informations (mounted volumes / meminfo)
  • Optional test for rootkits (with chkrootkit)
  • Optional may other reports (via config-file)

The email report will be in HTML (mime with graphics) and text-only format. It is primarily designed for admins who has a server on a remote location and who wants to know what is going on, without always looking at some log-files.

Additional feature:

  • Fully localized
  • Design is flexible via CSS
  • Highly configurable via config-file and different reporting modules

Here is a full mail-example

Project page

http://sourceforge.net/projects/srvreport/

Download

Releases can be found here.

Sometimes SF has some problems with the download. If this happens you can also download it from here

History

The change log is available here.

Installation

Configuration

The configuration is located in bin/srvreport.conf. The configuration is very easy. There are only a few global settings and then you just need to specify which "modules" you want to use.

Global Settings

Example

Here is an complete example for an configuration

Modules

Reports are generated via "modules". This are perl modules which implement the report generation for a specific task. In the actual state, the following report-modules are already available.

Each module config section starts with the names in square brackets: [name]
This name is also used in the order setting under global settings. In the following each section must contain at least the following keys:

LogReport

With this report-module you can simply show any kind of log-entries or outputs from some command in your reports.
I use it for reporting of server warnings, FTP-log entries, a list of the logins (via /usr/bin/last-commandentries and for checking of rootkits (via chkrootkit).

The configuration is very flexible. It contains the following entries:

file
This file will be read and used for analyse. The name of the file can also contain special keywords, which will be repaced during processing:
wholefile
If this is set to 1 then the whole file is processed against the pattern or regex (if specified). If this is not set or set to 0, then it is tried to check against the pattern which contains a "%timex" key. And only the lines which contains the actual date of the report is used.
pattern
For more info see:Pattern syntax
regex
If you do not specify a pattern, you can also use some regual expression.
Examples
[FTPLogs]
module      = LogReport
description = FTP-Logs
file        = /var/log/xferlog
pattern     = %o %time1
Here is a more complete example for an configuration
And here is the given mail-output

HttpdReport

With this you can analyse web-server logfiles (like apache logfiles). One problem of analysing log files is logrotate. To overcome this I used an piplog.pl for the apache server. With this pipelog it is possible to create an logfile for every day without restarting or reloading the web server. This logfile can now be analysed (if the day is over) and afterwords deleted.

The apache pipelog.pl is also included in this release (in the bin directory).
If you want to use this, you just need to change the /etc/httpd/httpd.conf and add the following entries (if you have vhosts):

LogFormat "%v \"%{Host}i\" %h %t \"%r\" %>s %b" srvreport
CustomLog |/root/srvreport-x.xx/bin/pipelog.pl srvreport

You also can use any kind of LogFormat. You then only have to change the default pattern string in the srvreport.conf files.

Examples
[WebServer]
module      = HttpdReport
description = Web-Server
file        = /var/log/httpd/srvreport_%%YYYY-%%MM-%%DD
wholeFile = 1
showHTTPStatus = 1
pattern     = %o %"vhost %o %time3 %"o %state %bytes
Here is a more complete example for an configuration
And here is the given mail-output

TrafficReport

For reporting the traffic, the /proc/net/dev file is used. It reports in/out traffic since system boot. All values are read every 15 minutes and are stored in a separate file in data directory. This file is then read right after midnight when the report is generated. Afterwords, this file is deleted.
Examples
[Traffic]
module      = TrafficReport
description = Traffic report
file        = /proc/net/dev
interface   = eth0:
pattern     = %interface %in %o %o %o %o %o %o %o %out
Here is a more complete example for an configuration
And here is the given mail-output

CPUReport

It used the /usr/bin/uptime command. This is read as "normal" file via the "pipe" symbol (|) at the end. To find the correct value for the 15 minute CPU usage, a regular expression is ueed.
Examples
[CPUUsage]
module      = CPUReport
description = CPU Usage
file        = /usr/bin/uptime |
regex       = load average:\s+\d\.\d\d,\s+\d\.\d\d,\s+(\d\.\d\d)
Here is a more complete example for an configuration
And here is the given mail-output

PostfixReport

This will create an report for postfix logfiles /etc/mail.
Examples
[Postfix]
module      = PostfixReport
description = Postfix
file        = /var/log/mail
pattern     = %time2
# with the following you can specify the report(s) that will be 
# generated from the mail-log
# You can combine the values to get multiple statistics
# Bit 0 =>  1: Overview
# Bit 1 =>  2: Detailed list with all mail-IDs
# Bit 2 =>  4: Grouped by "to"
# Bit 3 =>  8: Popper-analyze
# Bit 4 => 16: Reject-report
# Bit 5 => 32: Graphical report with #Msgs / bytes per hour
# Bit 6 => 64: Table Report with #Msgs / bytes per hour
# Default is 1+4+8+16+32+64=125

mailReportType = 125

Here is a more complete example for an configuration
And here is the given mail-output

Pattern syntax

Some modules support the "pattern" config entry. A pattern contains one or more keys. A pattern-key always starts with the percent (%) character followed by some keyword. Between such pattern-keys there must be always ONE space. The following keywords are defined:

Problems and solutions

LogRotate

If you want to analyse some system log files, then you might run into the problem that this file was just rotated via logrotate. The effect is that you loose some info.

To overcome this there are several solutions: For apache websever I added an CustomLog and use my piplog.pl to do my own logging for every day. This file is then deleted if the report is generated.

Create your own reporting-module

This software has a OO-design, so it can be easy extended by other programmers.

You can either derive your report-module from BaseReport or from BaseFileReport (which is usualy the case)

BaseReport

Known variables

BaseFileReport

Known variables

SourceForge.net Logo