Logwatch is a utility that creates an aggregated, filtered view of logs from various sources and formats the data into a neat report in HTML format (a text option is also available). Logwatch can be configured to save this report as a file on the system or to email it to the users named in the configuration file.
The installation is fairly straightforward. Logwatch installs as a single rpm:
[root@centdb ~]# yum install logwatch
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-52.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================
Installing:
logwatch noarch 7.3.6-52.el6 test 302 k
Transaction Summary
======================================================================================================================================
Install 1 Package(s)
Total download size: 302 k
Installed size: 1.3 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : logwatch-7.3.6-52.el6.noarch 1/1
Verifying : logwatch-7.3.6-52.el6.noarch 1/1
Installed:
logwatch.noarch 0:7.3.6-52.el6
Complete!
The main configuration file is /etc/logwatch/conf/logwatch.conf. By default this file is empty, and the default configuration file used is /usr/share/logwatch/default.conf/logwatch.conf.
The configuration file I used while writing this article is given below:
Detail = Med
Range = Today
Service = All
Output = html
save = /var/log/logwatch/report.html
We can then schedule the logwatch command to run periodically as a cron job. I scheduled the job to run every 2 minutes.
*/2 * * * * /usr/sbin/logwatch
If we need to generate a specific logwatch report without modifying the configuration file then the parameters mentioned in the example logwatch.conf file can be specified on the command line as follows:
logwatch --detail 10 --range today --service sshd --output html --save /var/tmp/dev1.html
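For the cron job above, a wrapper script can keep overlapping runs apart and publish the report only once it is complete. This is an added example, not part of the original post or of Logwatch itself; the LOGWATCH_BIN variable, the lock directory name and the temp-file pattern are assumptions.

```bash
#!/bin/bash
# Added example: wrapper for the cron job. LOGWATCH_BIN, the lock directory
# name and the temp-file pattern are assumptions, not Logwatch settings.
LOGWATCH_BIN="${LOGWATCH_BIN:-/usr/sbin/logwatch}"

# generate_report <final-report-path>
# Returns 0 on success, 1 if logwatch failed or wrote nothing,
# 2 if a previous run still holds the lock.
generate_report() {
    local report="$1" dir lock tmp rc=0
    dir="$(dirname "$report")"
    lock="$dir/.logwatch.lock"

    # mkdir is atomic: with a 2-minute schedule, a slow run causes the next
    # one to be skipped instead of overlapping it. A killed run leaves the
    # lock directory behind and it must be removed by hand.
    mkdir "$lock" 2>/dev/null || return 2

    # mktemp creates the file with mode 0600, so the report (login and host
    # details taken from the system logs) is readable by the owner only.
    if ! tmp="$(mktemp "$dir/.report.XXXXXX")"; then
        rmdir "$lock"
        return 1
    fi

    # Detail, Range and Service still come from logwatch.conf; only the
    # output target is overridden here.
    if "$LOGWATCH_BIN" --output html --save "$tmp" && [ -s "$tmp" ]; then
        # Rename within one directory, so readers never see a partial file.
        mv -f "$tmp" "$report"
    else
        rm -f "$tmp"
        rc=1
    fi

    rmdir "$lock"
    return "$rc"
}

# Run only when a report path is given, e.g. from the crontab entry.
if [ "$#" -gt 0 ]; then
    generate_report "$1"
fi
```

The crontab entry then calls this script with /var/log/logwatch/report.html as its argument instead of calling /usr/sbin/logwatch directly.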
The output report looks like the screenshot given below: