
How to install and use logwatch on Linux for log processing

2025-01-19 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

Many newcomers are unsure how to install and use logwatch for log processing on Linux. This article walks through it in detail for anyone who needs it.

On Linux, logwatch analyzes the system logs and produces summary reports. The sections below describe how to install and use it.

The main purpose of logwatch is to generate log summaries that are easier to read, not to process and monitor logs in real time. For that reason, logwatch is usually scheduled to run automatically at a set time and frequency, or run manually from the command line when log processing is needed. Once the report is generated, logwatch can email it to you, save it as a file, or display it directly on the screen.

The level of detail and the coverage of logwatch reports are fully customizable. The log processing engine is also extensible: to use logwatch with a new application, you only need to write a log processing script (in Perl) for that application's log file and attach it to logwatch.

The downside of logwatch is that the report it generates does not carry the detailed timestamp information that is present in the original log file. You only learn that specific events were recorded during a period of time; to find the exact point in time, you have to look at the original log file.

Install Logwatch

On Debian systems or systems derived from them:

# aptitude install logwatch

On Red Hat-based distributions:

# yum install logwatch

Configure Logwatch

During installation, the main configuration file (logwatch.conf) is placed in the /etc/logwatch/conf directory. The settings defined in this file (empty by default) override the system-level settings defined in /usr/share/logwatch/default.conf/logwatch.conf.

If you start logwatch from the command line without arguments, the options defined in /etc/logwatch/conf/logwatch.conf are used. As soon as you specify arguments, they override any default or custom settings in /etc/logwatch/conf/logwatch.conf.

In this article, we will edit /etc/logwatch/conf/logwatch.conf to customize some of the default settings.

Detail = <Low, Med, High, or a number>

The "Detail" directive controls the level of detail of the logwatch report. It takes a positive integer or one of High, Med and Low, which correspond to 10, 5 and 0 respectively.

MailTo = youremailaddress@yourdomain.com

To have a logwatch report emailed to you, use the "MailTo" directive. To send the report to multiple users, list their email addresses separated by spaces. For this directive to work, a local mail transfer agent (MTA) such as sendmail or Postfix must be configured on the server where logwatch runs.

Range = <Yesterday|Today|All>

The "Range" directive defines the time period covered by the logwatch report. The usual values are Yesterday, Today, and All. When "Range = All" is used, the "Archives = Yes" directive must also be set, so that all archived log files (such as /var/log/maillog, /var/log/maillog.X, or /var/log/maillog.X.gz) are processed.

In addition to these general range values, you can also use complex selection values, as follows:

Range = "2 hours ago for that hour"

Range = "-5 days"

Range = "between -7 days and -3 days"

Range = "since September 15, 2014"

Range = "first Friday in October"

Range = "2014/10/15 12:50:15 for that second"

To use the free-form ranges in the examples above, you need to install Perl's Date::Manip module from CPAN (the Comprehensive Perl Archive Network). For instructions on installing CPAN modules, see http://www.linuxidc.com/Linux/2014-12/110704.htm.

Service = <service-name-1>

Service = <service-name-2>

The "Service" option specifies the service or services you want to monitor. Any service listed in the /usr/share/logwatch/scripts/services directory can be monitored. They already cover important system services (such as pam, secure, iptables and syslogd) as well as mainstream application services such as sudo, sshd, http, fail2ban and samba. To add a new service to the list, write a corresponding log processing Perl script and put it in this directory.

If you use this option to select specific services, you need to comment out the line "Service = All" in /usr/share/logwatch/default.conf/logwatch.conf.

Format = <text|html>

The "Format" directive defines the format of a logwatch report (text or HTML).

Output = <file|mail|stdout>

The "Output" directive defines where the generated logwatch report is sent. It can be saved as a file (file), sent by email (mail), or displayed directly on the screen (stdout).

Use Logwatch to analyze log files

To figure out how to use logwatch to analyze log files, refer to the following logwatch.conf file example:

Detail = High
MailTo = youremailaddress@yourdomain.com
Range = Today
Service = http
Service = postfix
Service = zz-disk_space
Format = html
Output = mail

With these settings, logwatch processes the logs generated today by the three services (http, postfix, and zz-disk_space), generates a very detailed report in HTML format, and emails it to you.

If you don't want to customize /etc/logwatch/conf/logwatch.conf, you can leave the file unmodified and run the command shown below instead. You'll get the same output.

# logwatch --detail 10 --mailto youremailaddress@yourdomain.com --range today --service http --service postfix --service zz-disk_space --format html --output mail

The header of the emailed report contains links to the details for each selected service, and each service section has a "return to the top" link.

Sending the report by email works well when there are few recipients. Otherwise, you may want to generate the report as an HTML file so that everyone who needs it can view it on a web share. This only takes a few changes to the configuration in the example above:

Detail = High
Range = Today
Service = http
Service = postfix
Service = zz-disk_space
Format = html
Output = file
Filename = /var/www/html/logs/dev1.html

Similarly, you can run the following command on the command line.

# logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /var/www/html/logs/dev1.html
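
A small linter for the directives covered above, as an added example that is not part of the original article: it resolves the effective value of each key across the default and override files (the last one wins) and flags the combinations the text depends on. The function names and the /var/www check are assumptions of this example; Archives is spelled the way logwatch's own configuration spells it.

```shell
# Added example (not from the article): lint the effective logwatch settings.
# Pass the default file first, the override last; the last value of a key wins.
conf_get() {   # conf_get KEY FILE...
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (tolower(k) != tolower(key)) next
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        }
        END { print val }' "$@"
}

# Prints one finding per line and returns the number of findings.
lint_logwatch_conf() {
    n=0
    detail=$(conf_get Detail "$@" | tr 'A-Z' 'a-z')
    range=$(conf_get Range "$@" | tr 'A-Z' 'a-z')
    archives=$(conf_get Archives "$@" | tr 'A-Z' 'a-z')
    output=$(conf_get Output "$@" | tr 'A-Z' 'a-z')
    mailto=$(conf_get MailTo "$@")
    filename=$(conf_get Filename "$@")
    case $detail in
        ''|low|med|high) ;;
        *[!0-9]*) echo "Detail '$detail' is not Low, Med, High or a number"; n=$((n+1)) ;;
    esac
    if [ "$range" = all ] && [ "$archives" != yes ]; then
        echo "Range = All without Archives = Yes skips rotated logs"; n=$((n+1))
    fi
    if [ "$output" = mail ] && [ -z "$mailto" ]; then
        echo "Output = mail but MailTo is empty"; n=$((n+1))
    fi
    if [ "$output" = file ] && [ -z "$filename" ]; then
        echo "Output = file but Filename is not set"; n=$((n+1))
    fi
    case $filename in /var/www/*)
        echo "Report under /var/www is web-served; restrict who can fetch it"; n=$((n+1)) ;;
    esac
    return "$n"
}

# Constructed sample: the article's web-share settings with Range = All.
sample=$(mktemp)
printf '%s\n' 'Detail = High' 'Range = All' 'Output = file' \
    'Filename = /var/www/html/logs/dev1.html' > "$sample"
lint_logwatch_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

To check a real host, call lint_logwatch_conf /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf.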

Finally, let's use cron to schedule logwatch. In the following example, logwatch runs at 12:15 in the afternoon of each working day.

# crontab -e

15 12 * * 1,2,3,4,5 <full path to logwatch>
