| ||
|
Logwatch инсталиране и конфигурация на Debian 7Logwatch е модулен лог анализатор, който работи всяка нощ и праща писма с резултатите. Освен автоматичен режим програма може да се пуска и ръчно от конзола Да започнем с инсталацията: #apt-get install logwatch инсталацията е автоматична и не се налага да правите абсолютно нищо Сега трябва да се конфигурира програмата. конфигурационния файл на logwatch се намира в /etc/logwatch/conf/logwatch.conf Default Logwatch configuration file as below and you need to change this file options nano /etc/logwatch/conf/logwatch.conf # NOTE: # All these options are the defaults if you run logwatch with no # command-line arguments. You can override all of these on the # command-line. # You can put comments anywhere you want to. They are effective for the # rest of the line. # this is in the format of <name> = <value>. Whitespace at the beginning # and end of the lines is removed. Whitespace before and after the = sign # is removed. Everything is case *insensitive*. # Yes = True = On = 1 # No = False = Off = 0 # Default Log Directory # All log-files are assumed to be given relative to this directory. LogDir = /var/log # You can override the default temp directory (/tmp) here TmpDir = /tmp # Default person to mail reports to. Can be a local account or a # complete email address. MailTo = root # If set to 'Yes', the report will be sent to stdout instead of being # mailed to above person. Print = No # Leave this to 'Yes' if you have the mktemp program and it supports # the '-d' option. Some older version of mktemp on pre-RH7.X did not # support this option, so set this to no in that case and Logwatch will # use internal temp directory creation that is (hopefully) just as secure UseMkTemp = Yes # # Some systems have mktemp in a different place # MkTemp = /bin/mktemp # if set, the results will be saved in <filename> instead of mailed # or displayed. #Save = /tmp/logwatch # Use archives? If set to 'Yes', the archives of logfiles # (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will # be searched in addition to the /var/log/messages file. # This usually will not do much if your range is set to just # 'Yesterday' or 'Today'... it is probably best used with # Archives = Yes # Range = All # The default time range for the report... # The current choices are All, Today, Yesterday Range = yesterday # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = Med # The 'Service' option expects either the name of a filter # (in /etc/log.d/scripts/services/*) or 'All'. # The default service(s) to report on. This should be left as All for # most people. Service = All # You can also disable certain services (when specifying all) #Service = -zz-fortune # If you only cared about FTP messages, you could use these 2 lines # instead of the above: #Service = ftpd-messages # Processes ftpd messages in /var/log/messages #Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog # Maybe you only wanted reports on PAM messages, then you would use: #Service = pam_pwdb # PAM_pwdb messages - usually quite a bit #Service = pam # General PAM messages... usually not many # You can also choose to use the 'LogFile' option. This will cause # logwatch to only analyze that one logfile.. for example: #LogFile = messages # will process /var/log/messages. This will run all the filters that # process that logfile. This option is probably not too useful to # most people. Setting 'Service' to 'All' above analyizes all LogFiles # anyways... # # some systems have different locations for mailers # mailer = /usr/bin/mail # # With this option set to 'Yes', only log entries for this particular host # (as returned by 'hostname' command) will be processed. The hostname # can also be overridden on the commandline (with --hostname option). This # can allow a log host to process only its own logs, or Logwatch can be # run once per host included in the logfiles. # # The default is to report on all log entries, regardless of its source host. # Note that some logfiles do not include host information and will not be # influenced by this setting. # #HostLimit = Yes С командата # logwatch - проверяваме дали всичко работи Се га е време да го добавиме да се изпълнява автоматично което става по следния начин. #crontab -e и добавяме следния ред 0 1 * * * /usr/sbin/logwatch Вече сте готови ако ви трябва повече инфо прочетете man-a лека
|
|