logwatch - Unix, Linux Command
NAME
logwatch: system log analyzer and reporter.
SYNOPSIS
DESCRIPTION
logwatch is a customizable, pluggable log-monitoring system. It goes through your logs for a given period of time and produces a report on the areas you choose, at the level of detail you choose. It is easy to use and works right out of the package on almost all systems.
Options
Tag | Description |
---|---|
--detail level | This is the detail level of the report. level can be a positive integer, or high, med, low, which correspond to the integers 10, 5, and 0, respectively. |
--logfile log-file-group | This will force Logwatch to process only the set of logfiles defined by log-file-group (e.g. messages, xferlog, ...). Logwatch will therefore process all services that use those logfiles. This option can be specified more than once to specify multiple logfile-groups. |
--service service-name | This will force Logwatch to process only the service specified in service-name (e.g. login, pam, identd, ...). Logwatch will therefore also process any log-file-groups necessary to process these services. |
--print | Print the results to stdout (i.e. the screen). |
--mailto address | Mail the results to the email address or user specified in address. This option overrides the --print option. |
--range range | You can specify a date-range to process. Common ranges are Yesterday, Today, All, and Help. Additional options are listed when invoked with the Help parameter. |
--archives | Each log-file-group has basic logfiles (e.g. /var/log/messages) as well as archives (e.g. /var/log/messages.? or /var/log/messages.?.gz). When used with "--range all", this option will make Logwatch search through the archives in addition to the regular logfiles. |
--debug level | For debugging purposes. level can range from 0 to 100. This will really clutter up your output. You probably don't want to use this. |
--save file-name | Save the output to file-name instead of displaying or mailing it. |
--logdir directory | Look in directory for log subdirectories or log files instead of the default directory. |
--hostname hostname | Use hostname for the reports instead of this system's hostname. In addition, if HostLimit is set in the logwatch.conf configuration file. |
--numeric | Inhibits additional name lookups, displaying IP addresses numerically. |
--no-oldfiles-log | Suppress the logwatch log, which informs about the old files in logwatch tmpdir. |
--help | Displays usage information. |
EXAMPLES
Example-1:
To create a few override files with custom settings, create the following file:
$ sudo vim /etc/logwatch/conf/services/zz-disk_space.conf
Put in the following contents:
```
#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"
#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"
#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1
```
Create the following file:
$ sudo vim /etc/logwatch/conf/services/http.conf
Put in these contents:
```
# Set flag to 1 to enable ignore
# or set to 0 to disable
$HTTP_IGNORE_ERROR_HACKS = 1
```
You may want to edit the email address to which logwatch mails the report:
$ sudo vim /etc/logwatch/conf/logwatch.conf
Set MailTo = to an email address as desired:
```
# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Print should be set to No to
# enable mail feature.
#MailTo = root
MailTo = [email protected]
```
To print all FTP transfers that are stored in all current and archived xferlogs:
$ logwatch --service ftpd-xferlog --range all --detail high --print --archives
Example-2:
To print out login information for the previous day.
$ logwatch --service pam_pwdb --range yesterday --detail high --print
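The following is an added example, not part of the original reference page: a small wrapper that combines --logdir, --hostname, --range all, --archives, --numeric, --detail and --save from the options table to report on a log tree copied from another host. The function names, the LOGWATCH variable and the sample paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: offline review of a log tree copied from another host.
# offline_report, valid_detail and the LOGWATCH variable are hypothetical names.
# Sample call (constructed paths):
#   offline_report /cases/web01/var/log web01 high /cases/web01/logwatch.txt

# Accept the values the --detail row allows: high, med, low or an integer.
valid_detail() {
    case "$1" in
        high|med|low) return 0 ;;
        ''|*[!0-9]*)  return 1 ;;   # empty, or contains a non-digit
        *)            return 0 ;;
    esac
}

# usage: offline_report LOGDIR HOSTNAME DETAIL REPORT_FILE
offline_report() {
    logdir=$1; host=$2; detail=$3; report=$4
    if [ ! -d "$logdir" ]; then
        echo "offline_report: no such log directory: $logdir" >&2
        return 2
    fi
    if ! valid_detail "$detail"; then
        echo "offline_report: bad detail level: $detail" >&2
        return 2
    fi
    (
        # The report lists logins and source addresses: keep it owner-only.
        umask 077
        # --range all with --archives also reads rotated files (messages.?.gz).
        # --numeric inhibits name lookups for addresses found in the logs.
        # LOGWATCH lets a dry run substitute another program for logwatch.
        "${LOGWATCH:-logwatch}" --logdir "$logdir" --hostname "$host" \
            --range all --archives --numeric \
            --detail "$detail" --save "$report"
    )
}
```

Setting LOGWATCH=echo before calling offline_report prints the argument list instead of running logwatch, which is a quick way to check the invocation.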