Logwatch инсталиране и конфигурация на Debian 7
Публикувана от smilev на March 01 2014 20:04:56
Logwatch е модулен лог анализатор, който работи всяка нощ и праща писма с резултатите. Освен в автоматичен режим, програмата може да се пуска и ръчно от конзолата.
Logwatch е модулен лог анализатор, който работи всяка нощ и праща писма с резултатите. Освен в автоматичен режим, програмата може да се пуска и ръчно от конзолата.

Да започнем с инсталацията:

#apt-get install logwatch
инсталацията е автоматична и не се налага да правите абсолютно нищо

Сега трябва да се конфигурира програмата.

Конфигурационният файл на logwatch се намира в /etc/logwatch/conf/logwatch.conf

The default Logwatch configuration file is shown below; change the options in this file to suit your system.

nano /etc/logwatch/conf/logwatch.conf

# Logwatch settings as listed in this tutorial for
# /etc/logwatch/conf/logwatch.conf.
#
# NOTE:
#   All these options are the defaults if you run logwatch with no
#   command-line arguments.  You can override all of these on the
#   command-line.
# NOTE(review): several comments below (the /etc/log.d path, the pre-RH7.X
# remark) suggest this listing was copied from an older Logwatch release.
# Compare it with the default file shipped by the installed package before
# relying on individual option names.
#
# Syntax:
#   - Comments may appear anywhere; they run to the end of the line.
#   - Settings have the form <name> = <value>.  Whitespace at the beginning
#     and end of a line, and around the = sign, is removed.
#   - Everything is case *insensitive*.
#   - Yes = True  = On  = 1
#   - No  = False = Off = 0

# Default log directory.
# All log-files are assumed to be given relative to this directory.

LogDir = /var/log

# Temp directory used while building the report (the default is /tmp).
# /tmp is shared by all local users, so keep UseMkTemp = Yes below: the
# working directory is then created with 'mktemp -d' instead of Logwatch's
# fallback.

TmpDir = /tmp

# Default person to mail reports to.  Can be a local account or a
# complete email address.
# The report summarises system logs (for example the PAM and ftpd services
# mentioned further down), so treat the recipient mailbox as sensitive.  With
# a complete e-mail address the log summary leaves this host by mail.

MailTo = root

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to the MailTo recipient above.

Print = No

# Leave this at 'Yes' if you have the mktemp program and it supports
# the '-d' option.  Some older versions of mktemp on pre-RH7.X did not
# support this option; set this to 'No' in that case and Logwatch will
# use internal temp directory creation that is (hopefully) just as secure.

UseMkTemp = Yes

#
#       Some systems have mktemp in a different place
#
# NOTE(review): confirm that this path exists on the target system.

MkTemp = /bin/mktemp

# If set, the results will be saved in <filename> instead of mailed
# or displayed.
# NOTE(review): the example below uses a fixed, predictable name in /tmp.
# If reports are saved, prefer a directory that only root can write to and
# read from, because the file contains log contents.
#Save = /tmp/logwatch
# Use archives?  If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# Archives = Yes
# Range = All
# The default time range for the report...
# The current choices are All, Today, Yesterday
# (values are case insensitive, so 'yesterday' is accepted).
Range = yesterday
# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
# A higher level puts more log content into the mailed report.

Detail = Med

# The 'Service' option expects either the name of a filter
# (in /etc/log.d/scripts/services/*) or 'All'.
# NOTE(review): the filter directory quoted above comes from the original
# comment; the location may differ on the installed version, so verify it.
# The default service(s) to report on.  This should be left as All for
# most people.

Service = All

# You can also disable certain services (when specifying all)
#Service = -zz-fortune
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb     # PAM_pwdb messages - usually quite a bit
#Service = pam          # General PAM messages... usually not many
# Restricting 'Service' narrows what the report covers.  Keep 'All' if the
# report is meant to be a general daily review of the host.
# You can also choose to use the 'LogFile' option.  This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages.  This will run all the filters that
# process that logfile.  This option is probably not too useful to
# most people.  Setting 'Service' to 'All' above analyzes all LogFiles
# anyways...
#
# Some systems have different locations for mailers.
# NOTE(review): confirm that this binary is installed and that mail to the
# MailTo recipient is actually delivered; otherwise reports are lost silently.
#

mailer = /usr/bin/mail

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed.  The hostname
# can also be overridden on the commandline (with --hostname option).  This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.

#

#HostLimit = Yes

С командата
# logwatch    -   проверяваме дали всичко работи

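Сега е време да го добавим да се изпълнява автоматично, което става по следния начин. Преди това проверете дали пакетът вече не е инсталирал ежедневна cron задача (например в /etc/cron.daily), за да не получавате отчета два пъти.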
#crontab -e
и добавяме следния ред

0 1  * * *    /usr/sbin/logwatch

Вече сте готови
ако ви трябва повече инфо прочетете man-a
лека