Logwatch command in Linux


Logwatch commandIt is a customizable and pluggable log monitoring system that generates log reports by traversing system log files within a given time range. Logwatch is executed once a day by default, and can be executed from/etc/cron.dailySee here.


Logwatch (option)


Detail < report detail >: specify the detail of log reports;
Logfile < Logfile >: Only the specified log files are processed;
Service < Service Name >: Only log files for specified services are processed;
Print: Print results to standard output;
Mailto < Mail Address >: Send the results to the designated mailbox;
Range < date range >: specify the date range for processing logs;
Archves: Processing archived log files;
Debug < Debugging Level >: Debugging Mode;
Save < filename >: save the result to the specified file without displaying or sending it to the specified mailbox;
Logdir < Directory >: Specify the directory to find log files instead of using the default log directory;
- hostname < host name >: specify the host name used in the log report, not using the default host name of the system;
- numeric: Display the IP address instead of the host name in the report;
--help: Displays help information for instructions.


Check if Logwatch already exists on your host (Redhat has installed Logwatch by default, but the version is older):

rpm -qa logwatch

If there is no logwatch on the host, execute:

rpm -Ivh logwatch***.rpm

If there is an old version of logwatch, execute:

rpm -Uvh logwatch***.rpm

After installation, configure:

You can modify and add its logfiles, services, and other configurations, but by default there are many scripts, as long as they are set in 1)Detail = HighThat’s all right.

  • New configurations can be added to/etc/logwatch/conf/logwatch.conf
  • It can also be modified./usr/share/logwatch/default.conf/logwatch.conf

/etc/logwatch/conf/Automatic coverage/usr/share/logwatch/default.conf/The file with the same name below.

It doesn’t matter if logwatch. conf is not set, you can set it directly from the command line.

Logwatch -- detail High -- Service All -- range All -- print basically shows all the logs.
Logwatch -- service sshd -- detail High only looks at sshd's log


The above is the Logwatch command in Linux introduced by Xiaobian. I hope it will be helpful to you. If you have any questions, please leave me a message and Xiaobian will reply to you in time. Thank you very much for your support to developpaer.

Recommended Today

Oracle (PLSQL) introduction 1

Oracle installation, user authorization, table operation, data type, DDL table, DML data. Next: Oracle introduction 2 Learning video: https://www.bilibili.com/video/BV1tJ411r7EC?p=15 Baidu cloud installation package is attached to the installation tutorial: https://blog.csdn.net/qq_ 40774525/article/details/79919057 Oracle Baidu cloud installation package: https://pan.baidu.com/s/1qVWwCUR37j2JxEecYbe5HQ Extraction code: 5abz After the Oracle service above is installed, open the client of SQL developer and the […]