#Author:空气人儿
使用笔记:
1、下载
wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm
2 安装
检查你的主机上是否已经存在Logwatch(Redhat默认已经安装了Logwatch,不过版本比较旧):
rpm -qa logwatch
如果主机上没有logwatch,则执行:
rpm -Ivh logwatch***.rpm
如果有老版本的logwatch,则执行:
rpm -Uvh logwatch***.rpm
3、配置
安装完毕后,开始配置:
可以修改和添加它的logfiles、services和其他配置,但默认已经有很多脚本了,只要在1)里设置Detail = High就可以了。
1)可以添加新的配置到 /etc/logwatch/conf/logwatch.conf
2)也可以修改/usr/share/logwatch/default.conf/logwatch.conf
但1)会覆盖2)(即: /etc/logwatch/conf/ 会自动覆盖/usr/share/logwatch/default.conf/下的同名文件)。
4、其他
其他配置可以参见man logwatch和logwatch –help
5、举例
如果没有设置logwatch.conf也没关系,可以直接在命令行下设置。
如:logwatch –detail High –Service All –range All –print 基本就可以显示出所有日志的情况了
如:logwatch –service sshd –detail High 只看sshd的日志情况
6、其他
logwatch默认每天执行一次,可以从/etc/cron.daily里看到。
Have fun!
[root@www conf]# logwatch –help
–detail <level>: Report Detail Level – High, Med, Low or any #.
–logfile <name>: *Name of a logfile definition to report on.
–service <name>: *Name of a service definition to report on.
–print: Display report to stdout.
–mailto <addr>: Mail report to <addr>.
–archives: Use archived log files too.
–save <filename>: Save to <filename>.
–range <range>: Date range: Yesterday, Today or All.
–debug <level>: Debug Level – High, Med, Low or any #.
–splithosts: Create a report for each host in syslog.
–multiemail: Send each host report in a separate email. Ignored if
not using –splithosts.
–version: Displays current version.
–help: This message.
* = Switch can be specified multiple times…