System information
66 System Analysis and Tuning Guide
4.4 Monitoring Log Files with logwatch
logwatch is a customizable, pluggable log-monitoring script. It parses system logs,
extracts the important information and presents it in a human-readable manner. To
use logwatch, install the logwatch package.
logwatch can be used either on the command line to generate on-the-fly reports,
or via cron to regularly create custom reports. Reports can be printed on the
screen, saved to a file, or mailed to a specified address. The latter is especially
useful when automatically generating reports via cron.
The command-line syntax is simple. You tell logwatch which service, which time
span, and which level of detail to generate a report for:
# Detailed report on all kernel messages from yesterday
logwatch --service kernel --detail High --range Yesterday --print
# Low detail report on all sshd events recorded (incl. archived logs)
logwatch --service sshd --detail Low --range All --archives --print
# Mail a report on all smartd messages from May 5th to May 7th to root@localhost
logwatch --service smartd --range 'between 5/5/2005 and 5/7/2005' \
--mailto root@localhost --print
The --range option has a complex syntax; see logwatch --range help
for details. To list all services that can be queried, run the following
command:
ls /usr/share/logwatch/default.conf/services/ | sed 's/\.conf//g'
logwatch can be customized in great detail. However, the default configuration
should be sufficient in most cases. The default configuration files are located under
/usr/share/logwatch/default.conf/. Never change them, because they
would be overwritten by the next update. Instead, place custom configuration
in /etc/logwatch/conf/ (you may use the default configuration file as a
template, though). A detailed HOWTO on customizing logwatch is available at
/usr/share/doc/packages/logwatch/HOWTO-Customize-LogWatch. The
following configuration files exist:
logwatch.conf
The main configuration file. The default version is extensively commented. Each
configuration option can be overridden on the command line.