Logwatch feature overview
Logwatch is an open-source log analysis tool written as a Perl script. It parses raw log files and turns them into a structured document, and its reports can be tailored to your usage and requirements. Logwatch's strengths are simple configuration, convenient log monitoring and analysis, and the ability to customise certain functions. The project source is at https://sourceforge.net/projects/logwatch/ .
The official Logwatch documentation describes it as:
Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish.
Logwatch installation and upgrade
1: Check whether the Logwatch package is installed
[root@DB-Server ~]# rpm -qa | grep logwatch
logwatch-7.3-9.el5_6
2: Installing, upgrading and removing Logwatch
2.1.1 Installing Logwatch from RPM
[root@DB-Server Server]# rpm -ivh logwatch-7.3-9.el5_6.noarch.rpm
warning: logwatch-7.3-9.el5_6.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package logwatch-7.3-9.el5_6.noarch is already installed
[root@DB-Server Server]#
[root@DB-Server Server]# yum install logwatch
2.1.2 Installing Logwatch from source
[root@DB-Server tmp]# tar -xzvf logwatch-7.4.3.tar.gz
[root@DB-Server tmp]# cd logwatch-7.4.3
[root@DB-Server logwatch-7.4.3]# ./install_logwatch.sh
#################################
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir [/usr/share/logwatch] :
### Using /usr/share/logwatch
Enter the path for the Logwatch ConfigDir [/etc/logwatch] :
### Using /etc/logwatch
Enter the dir name to be used for temp files [/var/cache/logwatch] :
### Using /var/cache/logwatch
Enter the location of perl [/usr/bin/perl] :
### Using /usr/bin/perl
Enter the dir name to used for the manpage [/usr/share/man] :
### Using /usr/share/man
### Installing
Created symlink for /usr/sbin/logwatch
Created /etc/cron.daily/0logwatch
2.2 Removing Logwatch
[root@DB-Server Server]# rpm -e logwatch-7.3-9.el5_6
2.3 Upgrading Logwatch
[root@DB-Server Server]# rpm -Uvh logwatch***.rpm
Logwatch configuration overview
Logwatch's configuration file is /etc/logwatch/conf/logwatch.conf; right after installation this file is empty. You can copy the template configuration file into it; if you skip this step, the settings in /usr/share/logwatch/default.conf/logwatch.conf are used by default.
[root@DB-Server ~]# more /etc/logwatch/conf/logwatch.conf
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
[root@DB-Server ~]# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf
cp: overwrite `/etc/logwatch/conf/logwatch.conf'? yes
Description of the individual parameters:
LogDir = /var/log    path of the system logs, or of whichever logs are to be analysed
TmpDir = /var/cache/logwatch    location of temporary files
Output = stdout    output destination (stdout prints the report on the screen)
Format = text    output format; the options are text and html
Encode = none    encoding
MailTo = root    who (or which mail group) receives the analysis report; separate multiple addresses with commas
MailFrom = Logwatch    sender address of the mail
Range = yesterday    which period of logs to process; the options include All, Yesterday and Today, as well as expressions such as:
Range = "1 hours ago for that hour"
Range = "-7 days"
Range = "between -7 days and -3 days"
Range = "since March 15, 2017"
Range = "first Friday in October"
Range = "2017/04/15 12:50:15 for that second"
Detail = Low    controls the level of detail of the Logwatch report; options: Low, Med, High, or a number from 0 to 10
High, Med and Low correspond to the numbers 10, 5 and 0 respectively.
Service = All    monitor all services
Service = "-httpd"    to exclude a service, prefix its name with "-"; e.g. -httpd means the httpd service is not monitored; several such lines may be given
mailer = "/usr/sbin/sendmail -t"    how mail is sent (sendmail, postfix or qmail can be used)
Note that the parameters differ between Logwatch versions; for example, the non-comment lines of logwatch-7.3-9 and logwatch-7.4.3 are compared below:
[root@DB-Server01 ~]# sed -n "/^\s*[^#\t].*$/p" /usr/share/logwatch/default.conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print = No
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network" # Prevents execution of zz-network service, which
# prints useful network configuration info.
Service = "-zz-sys" # Prevents execution of zz-sys service, which
# prints useful system configuration info.
Service = "-eximstats" # Prevents execution of eximstats service, which
# is a wrapper for the eximstats program.
mailer = "sendmail -t"
[root@DB-Server ~]# sed -n "/^\s*[^#\t].*$/p" /etc/logwatch/conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network" # Prevents execution of zz-network service, which
# prints useful network configuration info.
Service = "-zz-sys" # Prevents execution of zz-sys service, which
# prints useful system configuration info.
Service = "-eximstats" # Prevents execution of eximstats service, which
# is a wrapper for the eximstats program.
mailer = "/usr/sbin/sendmail -t"
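As an added example (not part of the original post or of the Logwatch project), the POSIX shell script below works through the configuration layering described above: it strips comments from a logwatch.conf the same way the sed filter on this page does, computes the effective value of a scalar option when /etc/logwatch/conf/logwatch.conf is read after the defaults (the last definition wins), collects every service excluded with a leading "-" from both files, and maps Detail = Low/Med/High to 0/5/10. The two config files it reads are constructed sample data written to a temporary directory rather than the real paths; the function names effective, excluded_services and detail_level are the example's own, and it assumes option names are matched case-insensitively.

```shell
#!/bin/sh
# Added example, not from the original post or the Logwatch project.
# Models the configuration layering described above: an option set in
# /etc/logwatch/conf/logwatch.conf overrides the same option in
# /usr/share/logwatch/default.conf/logwatch.conf, while every
# Service = "-name" line from either file stays in force.

# Drop comments and blank lines, the same idea as the sed filter on the page,
# and also remove a trailing "# ..." comment that follows a value.
active_lines() {
    sed -n 's/[[:space:]]*#.*$//; /^[[:space:]]*[^[:space:]].*=/p' "$@"
}

# effective KEY FILE... : value of a scalar option after reading FILEs in order;
# the last definition wins, so pass the defaults first and the local file last.
# Option names are compared case-insensitively (an assumption of this example).
effective() {
    key=$1; shift
    active_lines "$@" | awk -F'=' -v k="$key" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        tolower(name) == tolower(k) {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^["]|["]$/, "", v)
            last = v
        }
        END { print last }'
}

# excluded_services FILE... : names given as Service = "-name", one per line,
# taken from all files, because exclusions accumulate instead of overriding.
excluded_services() {
    active_lines "$@" | awk -F'=' '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        tolower(name) == "service" {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^["]|["]$/, "", v)
            if (substr(v, 1, 1) == "-") print substr(v, 2)
        }'
}

# detail_level VALUE : numeric report detail; Low/Med/High map to 0/5/10 as the
# page states, digits 0-10 pass through unchanged, anything else is rejected.
detail_level() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        low)  echo 0 ;;
        med)  echo 5 ;;
        high) echo 10 ;;
        *)
            case $1 in
                ''|*[!0-9]*) echo "invalid Detail value: $1" >&2; return 1 ;;
            esac
            if [ "$1" -gt 10 ]; then
                echo "Detail out of range (0-10): $1" >&2; return 1
            fi
            echo "$1" ;;
    esac
}

# Constructed sample files standing in for the two real configuration paths.
WORK=$(mktemp -d)
DEFAULT_CONF=$WORK/default-logwatch.conf   # stands in for /usr/share/logwatch/default.conf/logwatch.conf
LOCAL_CONF=$WORK/local-logwatch.conf       # stands in for /etc/logwatch/conf/logwatch.conf

cat > "$DEFAULT_CONF" <<'EOF'
LogDir = /var/log
MailTo = root
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network" # Prevents execution of zz-network service, which
# prints useful network configuration info.
EOF

cat > "$LOCAL_CONF" <<'EOF'
# Local configuration options go here
Output = stdout
Detail = High
Service = "-httpd"
EOF

# Show the merged result: local overrides win, defaults fill the rest.
for opt in LogDir Output MailTo Range Detail; do
    printf '%-8s = %s\n' "$opt" "$(effective "$opt" "$DEFAULT_CONF" "$LOCAL_CONF")"
done
printf 'Detail as number: %s\n' "$(detail_level "$(effective Detail "$DEFAULT_CONF" "$LOCAL_CONF")")"
printf 'excluded services: %s\n' "$(excluded_services "$DEFAULT_CONF" "$LOCAL_CONF" | tr '\n' ' ')"
```

Run against the real files by replacing the two sample paths; the point to take away is that a local file containing only the lines you changed is enough, and that a service excluded in the default file remains excluded even if the local file never mentions it.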