Skip to content


用 Logwatch 工具查看 Linux 系统 Log 日志

logwatch 是用perl写的一款方便小巧的日志查看工具,可以每天给你发一封格化后的系统信息邮件;
包含crontab运行中的脚本、ssh登录及失败用户ip、su及sudo用户、磁盘空间及邮件等情况…
一般系统中都默认安装它,只需简单配置下就可运行.

http://www.logwatch.org/
目前最新版为logwatch-7.4.0,logwatch-7.3.6
centos里yum装的为logwatch-7.3.6

安装
rpm -Ivh logwatch***.rpm
升级
rpm -Uvh logwatch***.rpm
yum安装升级
yum -y install logwatch

  1. #复制配置文件
  2. cp -af /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf
  3. #打开每日邮件报告
  4. sed -i 's/# DailyReport = No/DailyReport = Yes/' /etc/logwatch/conf/logwatch.conf
  5. #修改邮件mta,如果是本机sendmail或postfix不不需修改,这个用的是mailx的远程smtp
  6. sed -i 's/mailer = "sendmail -t"/mailer = "mail -t"/' /etc/logwatch/conf/logwatch.conf
  7. #报告的细节程度
  8. sed -i 's/Detail = Low/Detail = High/' /etc/logwatch/conf/logwatch.conf
  9. #邮件发给谁
  10. sed -i "s/MailTo = root/MailTo = root,c1g@c1gstudio.com/" /etc/logwatch/conf/logwatch.conf

logwatch默认每天执行一次,可以从/etc/cron.daily里看到
ll /etc/cron.daily/

  1. total 28
  2. -rwxr-xr-x  1 root root  265 Jun 25  2011 0logwatch

红帽as4系统中配置文件位于/etc/log.d/logwatch.conf
============================================
2012-11-09更新
注:由于系统日志中不记录年份,日志量过少没有轮换会产生误报的情况.
今年读取了去年的日志来报告.

Posted in 安全.

Tagged with , .


No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.