Scripting Clinic: Nagging Logs Make for Safe Networks - Page 2

By Carla Schroder | Posted Oct 20, 2004
Page 2 of 2   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Continued From Page 1

Email Notifications With Logwatch

Logwatch is a slick Perl script that bundles up logfile reports and emails them to you. Debian users can install it by running apt-get install logwatch. Debian puts the configuration files in /etc/logwatch. The RPM puts them in /etc/log.d. Of course you may also install from sources. Be sure to consult the README for installation.

To make it go, first find logwatch.conf. You'll need to make a few tweaks. Set the "MailTo" directive to your desired email address, or local account. For local mail, most Linux systems still come with venerable old "mail", which works just fine:

MailTo = carla
mailer = /usr/bin/mail

Of course you may use any mailer you wish.

To make Logwatch send you daily reports, set the time range to "Today":

Range = Today

Other choices are "All" and "Yesterday." Now set your desired detail level for your reports:

Detail = High

Save your changes, and run Logwatch to send you a report:

# logwatch

The whole idea is to have Logwatch work without you having to exert yourself, so now you have to edit /etc/crontab to run Logwatch at your desired intervals. This runs it daily at 1am:

# m h dom mon dow user	command
   0 1	* * *	root       /usr/sbin/logwatch

Logging Strategy

There are a lot of different ways to tweak log output. Logwatch and syslog both have a large number of configurable options. I like to configure syslog.conf for more detailed output, then trim it back in Logwatch. That way I get a nice summary from Logwatch, and if there is anything scary that needs investigation, the regular system logs will tell all.

Resources

  • See the man pages for tail, syslog, and syslog.conf.
  • Logwatch resides at Logwatch.org.
  • See the man page for mail. If you have mailx on your system, look for /usr/share/doc/mailx.
  • Linux in a Nutshell, by Ellen Siever, is my #1 indispensible Linux command reference

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter