Scripting Clinic: Nagging Logs Make for Safe Networks - Page 2
Email Notifications With Logwatch
Logwatch is a slick Perl script that bundles up logfile reports and emails them to you. Debian users can install it by running apt-get install logwatch. Debian puts the configuration files in /etc/logwatch. The RPM puts them in /etc/log.d. Of course you may also install from sources. Be sure to consult the README for installation.
To make it go, first find logwatch.conf. You'll need to make a few tweaks. Set the "MailTo" directive to your desired email address, or local account. For local mail, most Linux systems still come with venerable old "mail", which works just fine:
MailTo = carla
mailer = /usr/bin/mail
Of course you may use any mailer you wish.
To make Logwatch send you daily reports, set the time range to "Today":
Range = Today
Other choices are "All" and "Yesterday." Now set your desired detail level for your reports:
Detail = High
Save your changes, and run Logwatch to send you a report:
# logwatch
The whole idea is to have Logwatch work without you having to exert yourself, so now you have to edit /etc/crontab to run Logwatch at your desired intervals. This runs it daily at 1am:
# m h dom mon dow user command
0 1 * * * root /usr/sbin/logwatch
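A quick check that the setup above will actually deliver reports, as an added example that is not part of the original article: it reads the four logwatch.conf settings and confirms that cron has an active, uncommented line running logwatch. The function names and file arguments are hypothetical, key names are matched case-insensitively as a convenience, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit the Logwatch setup described above.

# conf_value FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# cron_runs_logwatch FILE: succeed only if a non-comment line runs logwatch.
# A schedule that shares a line with a "#" header is a comment to cron.
cron_runs_logwatch() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '[[:space:]](/[^[:space:]]*/)?logwatch([[:space:]]|$)'
}

# audit_logwatch CONF CRONTAB: print findings, return the number of problems.
audit_logwatch() {
    conf=$1; cron=$2; n=0
    [ -n "$(conf_value "$conf" MailTo)" ] || { echo "MailTo is empty"; n=$((n+1)); }
    set -- $(conf_value "$conf" mailer)      # first word is the mailer binary
    [ -n "$1" ] && [ -x "$1" ] || { echo "mailer '${1:-}' is not executable"; n=$((n+1)); }
    # Only the three Range values the article names are accepted here.
    case $(conf_value "$conf" Range | tr 'A-Z' 'a-z') in
        today|yesterday|all) ;;
        *) echo "Range is not Today, Yesterday or All"; n=$((n+1)) ;;
    esac
    [ -n "$(conf_value "$conf" Detail)" ] || { echo "Detail is empty"; n=$((n+1)); }
    cron_runs_logwatch "$cron" || { echo "no active cron line runs logwatch"; n=$((n+1)); }
    return "$n"
}

# Constructed sample files; /bin/sh stands in for the mailer so the demo runs anywhere.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf 'MailTo = carla\nmailer = /bin/sh\nRange = Today\nDetail = High\n' > "$d/logwatch.conf"
printf '# m h dom mon dow user command\n0 1 * * * root /usr/sbin/logwatch\n' > "$d/cron.ok"
printf '# m h dom mon dow user command 0 1 * * * root /usr/sbin/logwatch\n' > "$d/cron.fused"
audit_logwatch "$d/logwatch.conf" "$d/cron.ok";    echo "problems: $?"
audit_logwatch "$d/logwatch.conf" "$d/cron.fused"; echo "problems: $?"
```

On a real system, pass your own logwatch.conf and /etc/crontab as the two arguments.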
Logging Strategy
There are a lot of different ways to tweak log output. Logwatch and syslog both have a large number of configurable options. I like to configure syslog.conf for more detailed output, then trim it back in Logwatch. That way I get a nice summary from Logwatch, and if there is anything scary that needs investigation, the regular system logs will tell all.
Resources
- See the man pages for tail, syslog, and syslog.conf.
- Logwatch resides at Logwatch.org.
- See the man page for mail. If you have mailx on your system, look for /usr/share/doc/mailx.
- Linux in a Nutshell, by Ellen Siever, is my #1 indispensable Linux command reference.