Use the Logwatch Tool to Monitor Linux System Logs

Source: Internet
Author: User

Logwatch, as its name implies, is software that monitors Linux log files. After installation, it can send a log analysis report for the host to a specified mailbox every day. Why use it? It saves administrators the time and energy of viewing logs manually, and the report arrives reliably every day (or even more frequently). In this way, you can keep track of the security of your servers.

The following installation method applies to all RPM-based Linux distributions (such as Red Hat).
First, go to the official Logwatch website to find the latest version of Logwatch.
# wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm

Check whether Logwatch already exists on your host (Logwatch is installed by default on Red Hat, but the version is old):
# rpm -qa | grep logwatch


If Logwatch is not installed on the host, run the following command:
# rpm -ivh logwatch-7.3.6-1.noarch.rpm

If you have an earlier version of Logwatch, run the following command:
# rpm -Uvh logwatch-7.3.6-1.noarch.rpm

After the installation is complete, start the configuration:
# vi /etc/logwatch/conf/logwatch.conf

Search for:
MailTo = and change it to your actual email address, such as MailTo = a@163.com
Detail = sets the level of detail; 10, the highest, is recommended

Add at the end:
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
(Note: In fact, emails cannot be received when you execute the command to send emails)

Configuration instance:

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
# Example for logwatch configuration
LogDir = /var/log
TmpDir = /var/cache/logwatch
# Separate multiple mailboxes with commas
MailTo = a@163.com, a@yahoo.com.cn
MailFrom = Logwatch-test (192.168.2.110)
Print = No
Range = yesterday
Detail = Med
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
Mailer = "sendmail -t"
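
An added example (not from the original article and not part of Logwatch): a small shell lint for the settings discussed above, which reports the effective MailTo, Print and Detail values and lists the services excluded from the report. The lw_* function names are hypothetical; the mapping Low=0, Med=5, High=10 and the meaning of Print = Yes (report printed to stdout instead of mailed) are taken from Logwatch's stock configuration comments and are assumptions here. The sample input is constructed.

```shell
#!/bin/sh
# Added example (lw_* names are hypothetical): lint logwatch.conf before relying on the mail.

# Effective (last) value of KEY in FILE; '#' comments and quotes are stripped,
# keys are matched case-insensitively (an assumption of this sketch).
lw_get() {
    awk -v key="$1" '
        { sub(/#.*/, ""); eq = index($0, "="); if (!eq) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
          if (tolower(k) == tolower(key)) val = v }
        END { print val }' "$2"
}

# Detail as a number: Low=0, Med=5, High=10; -1 if missing or unrecognised.
lw_detail_level() {
    d=$(lw_get Detail "$1" | tr 'A-Z' 'a-z')
    case "$d" in
        low) echo 0 ;; med) echo 5 ;; high) echo 10 ;;
        ''|*[!0-9]*) echo -1 ;;
        *) echo "$d" ;;
    esac
}

# Services dropped from the report by Service = "-name" lines.
lw_excluded() {
    awk -F= '{ sub(/#.*/, "") }
        tolower($1) ~ /^[ \t]*service[ \t]*$/ {
            gsub(/[ \t"]/, "", $2); if ($2 ~ /^-/) print substr($2, 2) }' "$1"
}

# One WARN/INFO line per finding; returns 1 if any WARN was printed.
lw_lint() {
    rc=0
    [ -n "$(lw_get MailTo "$1")" ] || { echo "WARN MailTo is not set"; rc=1; }
    if [ "$(lw_get Print "$1" | tr 'A-Z' 'a-z')" = yes ]; then
        echo "WARN Print = Yes: report goes to stdout and is not mailed"; rc=1
    fi
    if [ "$(lw_detail_level "$1")" -lt 10 ]; then
        echo "WARN Detail is below 10 (High)"; rc=1
    fi
    for s in $(lw_excluded "$1"); do echo "INFO not in report: $s"; done
    return "$rc"
}

# Constructed sample: the configuration instance above with Print set to Yes.
lw_sample() { printf '%s\n' 'MailTo = a@163.com, a@yahoo.com.cn' 'Print = Yes' \
    'Detail = Med' 'Service = All' 'Service = "-zz-network"' 'Service = "-eximstats"'; }
conf=$(mktemp); lw_sample > "$conf"; lw_lint "$conf" || true; rm -f "$conf"
```

To check a real host, call lw_lint /etc/logwatch/conf/logwatch.conf; the INFO lines show which services the daily report will not cover.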

By default, Logwatch runs once a day (cron.daily). The command for manually executing Logwatch is:
# perl /usr/share/logwatch/scripts/logwatch.pl

Command:
# logwatch --print
This command briefly prints yesterday's log information, such as failed user logons, SSH logon information, and disk space usage.

To view a single service, such as SSH logon information:
# logwatch --service sshd --print
# logwatch --help

The latest version of Logwatch has more than 70 log configurations by default. It is also easy to customize if you want to monitor your own special logs. A simple record:

Let the system send emails to the specified mailbox at regular intervals:
# vi /usr/local/sbin/logwatch.sh
#!/bin/sh
perl /usr/share/logwatch/scripts/logwatch.pl
# chmod u+x /usr/local/sbin/logwatch.sh

# crontab -e
Add: 0 0 * * * /usr/local/sbin/logwatch.sh > /dev/null 2>&1

In this way, the system sends the system logs to the specified mailbox every day ......
