Logwatch, as its name implies, is software that monitors Linux log files. After installation, it can send a log analysis report for the host to a specified mailbox every day. Why? This saves administrators the time and energy of viewing logs manually, and the reports arrive reliably every day (or even more frequently). In this way, you can keep track of the security of your servers.
The following installation method applies to all Linux distributions that use the RPM format (such as Red Hat).
First, go to the official Logwatch website to find the latest version of Logwatch.
# wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm
Check whether Logwatch already exists on your host (Logwatch is installed by default in Red Hat, but the version is old):
# rpm -qa | grep logwatch
If there is no Logwatch on the host, run the following command:
# rpm -ivh logwatch-7.3.6-1.noarch.rpm
If you have an earlier version of Logwatch, run the following command:
# rpm -Uvh logwatch-7.3.6-1.noarch.rpm
After the installation is complete, start the configuration:
# vi /etc/logwatch/conf/logwatch.conf
Search for:
MailTo = and change it to your actual email address, such as MailTo = a@163.com
Detail = is the level of detail; 10, the highest, is recommended
Add at the end:
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
(Note: these lines actually keep some commands from being executed; otherwise the email cannot be received when it is sent.)
Configuration instance:
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
# Example for logwatch configuration
LogDir = /var/log
TmpDir = /var/cache/logwatch
# separate multiple mailboxes with commas
MailTo = a@163.com, a@yahoo.com.cn
MailFrom = Logwatch-test (192.168.2.110)
Print = No
Range = yesterday
Detail = Med
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
Mailer = "sendmail -t"
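One way to check an override file like the instance above before the daily cron job mails from it. This is an added example, not code from the original page or from Logwatch: lint_logwatch_conf and sample_conf are hypothetical names, the sample file is constructed with deliberate mistakes, and the Service check assumes that "-name" exclusions only take effect together with Service = All.

```shell
#!/bin/sh
# lint_logwatch_conf: hypothetical helper (not part of Logwatch).
# Prints one finding per line for the logwatch.conf-style file given as $1.
lint_logwatch_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # whole-line comments, blanks
    {
        line = $0
        sub(/#.*/, "", line)                     # trailing "#" comment
        eq = index(line, "=")
        if (eq == 0) { printf "line %d: not a key = value pair\n", NR; next }
        key = tolower(substr(line, 1, eq - 1)); val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)                   # values may be quoted
        if (val ~ /\/\//)
            printf "line %d: \"//\" is not a comment marker; it stays in %s\n", NR, key
        if (key == "mailto") {
            seen_mailto = 1
            n = split(val, addr, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (addr[i] !~ /^[^@ \t]+@[^@ \t]+$/)
                    printf "line %d: MailTo entry \"%s\" is not an address\n", NR, addr[i]
        }
        if (key == "detail" && tolower(val) !~ /^(low|med|high|[0-9]+)$/)
            printf "line %d: Detail \"%s\" is not Low, Med, High or a number\n", NR, val
        if (key == "service" && tolower(val) == "all") seen_all = 1
        # Assumption: "-name" exclusions only act together with Service = All.
        if (key == "service" && val ~ /^-/ && !seen_all)
            printf "line %d: %s excluded before any Service = All in this file\n", NR, val
    }
    END { if (!seen_mailto) print "MailTo is not set in this file" }
    ' "$1"
}

# Constructed sample with deliberate mistakes, modelled on the instance above.
sample_conf() {
    cat <<'EOF'
# Local configuration options go here
MailTo = a@163.com, a@yahoo.com.cn // separate multiple mailboxes with commas
Detail = Medium
Service = "-zz-network"
Service = All
Service = "-eximstats"
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && lint_logwatch_conf "$tmp"
rm -f "$tmp"
```

A file that contains only exclusions, as in the "Add at the end" step, will report the Service finding even when the default configuration already supplies Service = All.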
By default, Logwatch runs once a day (cron.daily). The command for manually executing Logwatch is:
# perl /usr/share/logwatch/scripts/logwatch.pl
Or the command:
# logwatch --print
This command will briefly print yesterday's log information, such as user login failures, SSH login information, and disk space usage.
View a single service separately, such as SSH login information:
# logwatch --service sshd --print
# logwatch --help
The latest version of Logwatch has more than 70 log configurations by default. It is also easy to customize if you want to monitor your own special logs. A simple record:
Let the system send emails to the specified mailbox at regular intervals:
# vi /usr/local/sbin/logwatch.sh
#!/bin/sh
perl /usr/share/logwatch/scripts/logwatch.pl
# chmod u+x /usr/local/sbin/logwatch.sh
# crontab -e
Add: 0 0 * * * /usr/local/sbin/logwatch.sh > /dev/null 2>&1
In this way, the system sends the system logs to the specified mailbox every day.