logwatch的使用

如有多台机器需要监控，建议采用logwatch，来通过一个邮箱，获取所有设备的监控信息。

默认配置文件

/usr/share/logwatch/default.conf/logwatch.conf

（/etc/logwatch/conf/logwatch.conf内容：

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)）

目录：

# ll /usr/share/logwatch

total 32

drwxr-xr-x 4 root root 4096 Mar  9 14:16 default.conf

drwxr-xr-x 4 root root 4096 Dec  2 15:08 dist.conf

drwxr-xr-x 2 root root 4096 Dec  2 15:08 lib

drwxr-xr-x 5 root root 4096 Jan 14 10:12 scripts （各种服务的perl分析脚本）

 

/usr/share/logwatch/default.conf/services：定义各种服务日志

/usr/share/logwatch/default.conf/logfiles：定义各种服务的logfile名称

 

/usr/share/logwatch/

              This directory contains all the perl executables and configuration files  shipped

              with the logwatch distribution.

/etc/logwatch

              This directory contains local configuration files that override the default con-

              figuration. You will also need to make the /etc/logwatch dir if you want to make

configuration changes without having to modify the default config files.

 

默认配置信息：

LogDir = /var/log

TmpDir = /var/cache/logwatch（如果因为某个错误未执行完，可以手工删除此目录下的临时目录）

MailTo = root

MailFrom = Logwatch

Print = No

Range = yesterday

Detail = High

Service = All

Service = "-zz-network"     # Prevents execution of zz-network service, which

                            # prints useful network configuration info.

Service = "-zz-sys"         # Prevents execution of zz-sys service, which

                            # prints useful system configuration info.

Service = "-eximstats"      # Prevents execution of eximstats service, which

                            # is a wrapper for the eximstats program.

mailer = "sendmail -t" （使用sendmail发送邮件）

主要修改：

MailTo = root（多个邮箱用逗号隔开）

Detail = High （推荐）

 

默认每天自动执行一次，并发送邮件

# ll /etc/cron.daily/0logwatch

lrwxrwxrwx 1 root root 39 Dec  2 15:08 /etc/cron.daily/0logwatch -> /usr/share/logwatch/scripts/logwatch.pl

 

可以运行此命令来查看（等同）：

logwatch --detail High --Service All --range All --print

/usr/share/logwatch/scripts/logwatch.pl --detail High --Service All --range All --print

Perl /usr/share/logwatch/scripts/logwatch.pl --detail High --Service All --range All --print

 

命令相关信息：

# ll /usr/sbin/logwatch

lrwxrwxrwx 1 root root 39 Dec  2 15:08 /usr/sbin/logwatch -> /usr/share/logwatch/scripts/logwatch.pl

------------------------------------------------------------------------

# logwatch --help

Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>]

   [--print] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]

   [--save <filename>] [--help] [--version] [--service <name>]

   [--numeric] [--output <output_type>]

   [--splithosts] [--multiemail]

 

--detail <level>: Report Detail Level - High, Med, Low or any #.

--logfile <name>: *Name of a logfile definition to report on.

--logdir <name>: Name of default directory where logs are stored.

--service <name>: *Name of a service definition to report on.

--print: Display report to stdout.

--mailto <addr>: Mail report to <addr>.

--archives: Use archived log files too.

--save <filename>: Save to <filename>.

--range <range>: Date range: Yesterday, Today, All, Help

                             where help will describe additional options

--numeric: Display ddresses numerically rather than symbolically and numerically

           (saves  a  nameserver address-to-name lookup).

--debug <level>: Debug Level - High, Med, Low or any #.

--splithosts: Create a report for each host in syslog.

--multiemail: Send each host report in a separate email.  Ignored if

              not using --splithosts.

--output <output type>: Report Format - mail, html or unformatted#.

--encode: Use base64 encoding on output mail.

--version: Displays current version.

--help: This message.

* = Switch can be specified multiple times...