Logwatch command in Linux

Time:2019-10-9

Logwatch commandIt is a customizable and pluggable log monitoring system that generates log reports by traversing system log files within a given time range. Logwatch is executed once a day by default, and can be executed from/etc/cron.dailySee here.

grammar

Logwatch (option)

option

Detail < report detail >: specify the detail of log reports;
Logfile < Logfile >: Only the specified log files are processed;
Service < Service Name >: Only log files for specified services are processed;
Print: Print results to standard output;
Mailto < Mail Address >: Send the results to the designated mailbox;
Range < date range >: specify the date range for processing logs;
Archves: Processing archived log files;
Debug < Debugging Level >: Debugging Mode;
Save < filename >: save the result to the specified file without displaying or sending it to the specified mailbox;
Logdir < Directory >: Specify the directory to find log files instead of using the default log directory;
- hostname < host name >: specify the host name used in the log report, not using the default host name of the system;
- numeric: Display the IP address instead of the host name in the report;
--help: Displays help information for instructions.

Example

Check if Logwatch already exists on your host (Redhat has installed Logwatch by default, but the version is older):


rpm -qa logwatch

If there is no logwatch on the host, execute:


rpm -Ivh logwatch***.rpm

If there is an old version of logwatch, execute:


rpm -Uvh logwatch***.rpm

After installation, configure:

You can modify and add its logfiles, services, and other configurations, but by default there are many scripts, as long as they are set in 1)Detail = HighThat’s all right.

  • New configurations can be added to/etc/logwatch/conf/logwatch.conf
  • It can also be modified./usr/share/logwatch/default.conf/logwatch.conf

/etc/logwatch/conf/Automatic coverage/usr/share/logwatch/default.conf/The file with the same name below.

It doesn’t matter if logwatch. conf is not set, you can set it directly from the command line.

Logwatch -- detail High -- Service All -- range All -- print basically shows all the logs.
Logwatch -- service sshd -- detail High only looks at sshd's log

summary

The above is the Logwatch command in Linux introduced by Xiaobian. I hope it will be helpful to you. If you have any questions, please leave me a message and Xiaobian will reply to you in time. Thank you very much for your support to developpaer.