  Monitoring log files on Linux with logwatch
  Add Date : 2018-11-21      
  On Linux, the operating system and many applications create special files to record the events that occur as they run; these files are usually called "logs". System logs and application-specific log files are essential tools when you are trying to understand the behavior of the operating system or a third-party application, or when troubleshooting. However, log files are not exactly "clear" or "easy" to read. Analyzing raw log files by hand is tedious and a waste of time. For this reason, any tool that can turn raw log files into more user-friendly summaries is a great benefit to system administrators.

logwatch is an open-source log parser and analyzer written in Perl. It parses raw log files and converts them into a structured document format, and its reports can be customized to your usage and needs. Its main purpose is to produce log digests that are easier to use; it is not meant for real-time log processing and monitoring. Because of this, logwatch is usually set up as a scheduled task that runs automatically at a chosen time and frequency, or it is run manually from the command line whenever log processing is needed. Once a report has been generated, logwatch can e-mail it to you, save it to a file, or display it directly on the screen.

The level of detail and the coverage of a logwatch report are fully customizable. The logwatch log-processing engine is also extensible: if you want to use logwatch with a new application, you only need to write a script (in Perl) that processes that application's log file and plug it into logwatch.

A drawback of logwatch is that the reports it generates do not carry the detailed timestamp information that is present in the original log files. You can only tell that certain events were recorded within a period of time; if you want to know the exact point in time, you have to look at the original log files.

Installing Logwatch

On Debian and derived systems:

# aptitude install logwatch

On Red Hat-based distributions:

# yum install logwatch

Configuring Logwatch

After installation, the main configuration file (logwatch.conf) is placed in the /etc/logwatch/conf directory. The options defined in this file (which is empty by default) override the system-wide settings defined in /usr/share/logwatch/default.conf/logwatch.conf.

When logwatch is started from the command line without parameters, it uses the options defined in /etc/logwatch/conf/logwatch.conf. As soon as a parameter is specified, however, it overrides the corresponding default or custom setting from /etc/logwatch/conf/logwatch.conf.

In this article, we will edit /etc/logwatch/conf/logwatch.conf to customize some of the default settings.

Detail = <Low, Med, High, or number>
The "Detail" directive controls the level of detail in logwatch reports. It can be a positive integer, or one of the options High, Med and Low, which correspond to 10, 5 and 0 respectively.

MailTo = youremailaddress@yourdomain.com
If you want logwatch to e-mail the report to you, use the "MailTo" directive. To send a report to multiple users, list their e-mail addresses separated by spaces. For this directive to work, however, a local mail transfer agent (MTA) such as sendmail or Postfix must be configured on the server where logwatch runs.

Range = <Yesterday | Today | All>
The "Range" directive defines the time period covered by the logwatch report. The usual values are Yesterday, Today and All. When "Range = All" is used, the "Archive = yes" directive must also be set; then all archived log files (for example /var/log/maillog, /var/log/maillog.X or /var/log/maillog.X.gz) are processed as well.

In addition to these general range values, you can also choose to use more complex values, as follows:

Range = "2 hours ago for that hour"
Range = "-5 days"
Range = "between -7 days and -3 days"
Range = "since September 15, 2014"
Range = "first Friday in October"
Range = "2014/10/15 12:50:15 for that second"

To use free-form ranges such as the examples above, you need to download and install the Perl Date::Manip module from CPAN (the Comprehensive Perl Archive Network). For instructions on installing CPAN modules, see http://www.linuxidc.com/Linux/2014-12/110704.htm.

Service = <service-name-1>
Service = <service-name-2>
The "Service" option specifies one or more services you want to monitor. The services that can be monitored are listed in the /usr/share/logwatch/scripts/services directory; they cover essential system services (for example pam, secure, iptables and syslogd) as well as mainstream applications such as sudo, sshd, http, fail2ban and samba. If you want to add a new service to the list, write a corresponding Perl log-processing script and put it in this directory.

If you use this option to select specific services, you need to comment out the "Service = All" line in /usr/share/logwatch/default.conf/logwatch.conf.
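
The kind of Perl log-processing script mentioned above and in the introduction, as an added example that is not part of the original article or of logwatch itself. The service name myapp, its log line format and the sample lines after __DATA__ are hypothetical and constructed for illustration; a matching service configuration file, which tells logwatch which log to feed the script, is assumed and not shown.

```perl
#!/usr/bin/perl
# Hypothetical logwatch service script "myapp" (added example).
# logwatch pipes the service's log lines to STDIN and copies whatever
# the script prints on STDOUT into the report.
use strict;
use warnings;
# logwatch exports the numeric Detail level in this variable.
my $detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
# Under logwatch read STDIN; when run by hand from a terminal, fall
# back to the constructed sample lines after __DATA__.
my $in = -t STDIN ? \*DATA : \*STDIN;

my (%failed, %unmatched);
my $ok = 0;
while (my $line = <$in>) {
    chomp $line;
    $line =~ s/[^[:print:]]/?/g;    # log content is untrusted input
    if ($line =~ /myapp\[\d+\]: login failed for user (\S+) from (\S+)/) {
        $failed{$1}{$2}++;
    } elsif ($line =~ /myapp\[\d+\]: login ok for user \S+/) {
        $ok++;
    } elsif ($line =~ /\S/) {
        $unmatched{$line}++;        # never drop lines silently
    }
}

if (%failed) {
    print "Failed logins:\n";
    for my $user (sort keys %failed) {
        my $total = 0;
        $total += $_ for values %{ $failed{$user} };
        print "   $user: $total time(s)\n";
        next if $detail < 5;        # per-host breakdown at Med (5) and up
        print "      from $_: $failed{$user}{$_} time(s)\n"
            for sort keys %{ $failed{$user} };
    }
}
print "\nSuccessful logins: $ok\n" if $ok && $detail >= 5;
if (%unmatched) {
    print "\n**Unmatched Entries**\n";
    print "   $_: $unmatched{$_} time(s)\n" for sort keys %unmatched;
}

__DATA__
Nov 21 10:01:02 dev1 myapp[311]: login failed for user alice from 192.0.2.10
Nov 21 10:01:09 dev1 myapp[311]: login failed for user alice from 192.0.2.10
Nov 21 10:02:30 dev1 myapp[311]: login failed for user root from 198.51.100.7
Nov 21 10:03:00 dev1 myapp[311]: login ok for user bob
Nov 21 10:04:11 dev1 myapp[311]: cache rebuilt
```

Run by hand with LOGWATCH_DETAIL_LEVEL=10 set in the environment to see the per-host breakdown; lines the script does not recognise are listed rather than discarded, so new message types show up in the digest.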

Format = <text | html>
The "Format" directive defines the format of the logwatch report (text or HTML).

Output = <file | mail | stdout>
The "Output" directive defines where the generated logwatch report is sent. It can be saved to a file (file), sent as an e-mail (mail) or displayed directly on the screen (stdout).

Analyzing log files with Logwatch

To see how logwatch is used to analyze log files, consider the following example logwatch.conf file:

Detail = High
MailTo = youremailaddress@yourdomain.com
Range = Today
Service = http
Service = postfix
Service = zz-disk_space
Format = html
Output = mail

With these settings, logwatch processes the logs produced today by three services (http, postfix and zz-disk_space), generates a very detailed report in HTML format, and e-mails it to you.

If you do not want to customize /etc/logwatch/conf/logwatch.conf, you can leave the file at its defaults and run the following command instead. You will get the same output.

# logwatch --detail 10 --mailto youremailaddress@yourdomain.com --range today --service http --service postfix --service zz-disk_space --format html --output mail

The header of the e-mailed report contains navigation links pointing to the details of the report, and the details of each selected service include a "back to top" link.

When there are only a few recipients, you may want to use the e-mail report option. Otherwise, you can have logwatch save the report as an HTML file, so that everyone who needs to see it can reach it through a network share. A few changes to the configuration from the example above are enough:

Detail = High
Range = Today
Service = http
Service = postfix
Service = zz-disk_space
Format = html
Output = file
Filename = /var/www/html/logs/dev1.html

Similarly, you can run the following command at the command line.

# logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /var/www/html/logs/dev1.html

Finally, let us use cron to schedule logwatch. In the following example, the scheduled task runs logwatch at 12:15 p.m. every weekday.

# crontab -e
15 12 * * 1,2,3,4,5 /sbin/logwatch

I hope this helps. You are welcome to comment or share your ideas and experience with the community!