Logwatch功能介绍

Logwatch是一款Perl脚本编写的、开源的日志分析工具。它能对原始的日志文件进行解析并转换成结构化格式的文档,也能根据您的使用情况和需求来定制报告。Logwatch的特点是配置简单、监控、分析日志方便,而且可以对某些功能进行定制化。 项目源码位于https://sourceforge.net/projects/logwatch/

LogWatch的官文档介绍:

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish.

Logwatch安装升级

 

1: 查看是否安装Logwatch组件

[root@DB-Server ~]# rpm -qa | grep logwatch

logwatch-7.3-9.el5_6

2: Logwatch的安装、升级、卸载

 

2.1.1 Logwatch的RPM安装

[root@DB-Server Server]# rpm -ivh logwatch-7.3-9.el5_6.noarch.rpm 

warning: logwatch-7.3-9.el5_6.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing...                ########################################### [100%]

        package logwatch-7.3-9.el5_6.noarch is already installed

[root@DB-Server Server]# 

 

 

 

[root@DB-Server Server]# yum install logwatch

2.1.2 Logwatch的源码安装

[root@DB-Server tmp]# tar -xzvf logwatch-7.4.3.tar.gz 

[root@DB-Server tmp]# cd logwatch-7.4.3

[root@DB-Server logwatch-7.4.3]# ./install_logwatch.sh

#################################

Preparing to install Logwatch

Enter the path to the Logwatch BaseDir [/usr/share/logwatch] : 

### Using /usr/share/logwatch

Enter the path for the Logwatch ConfigDir [/etc/logwatch] : 

### Using /etc/logwatch

Enter the dir name to be used for temp files [/var/cache/logwatch] : 

### Using /var/cache/logwatch

Enter the location of perl [/usr/bin/perl] : 

### Using /usr/bin/perl

Enter the dir name to used for the manpage [/usr/share/man] : 

### Using /usr/share/man

### Installing

Created symlink for /usr/sbin/logwatch 

Created /etc/cron.daily/0logwatch

 

2.2 Logwatch的卸载

[root@DB-Server Server]# rpm -e logwatch-7.3-9.el5_6

2.2 Logwatch的升级

[root@DB-Server Server]#rpm -Uvh logwatch***.rpm

Logwatch的配置介绍

Logwatch的配置文件为 /etc/logwatch/conf/logwatch.conf ,初始安装后,这个配置文件是空的。你可以将配置文件的模板拷贝过来,如果不做这一步,就会默认使用/usr/share/logwatch/default.conf/logwatch.conf 这个配置文件。

[root@DB-Server ~]# more  /etc/logwatch/conf/logwatch.conf

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)

[root@DB-Server ~]# cp  /usr/share/logwatch/default.conf/logwatch.conf  /etc/logwatch/conf/logwatch.conf 

cp: overwrite `/etc/logwatch/conf/logwatch.conf'? yes

 

配置的具体参数介绍:

LogDir = /var/log                系统日志或需要分析日志所在路径

 

TmpDir = /var/cache/logwatch     临时文件位置

 

Output = stdout                  输出格式(stdout 屏幕上显示)

 

Format = text                    输出格式,有text、html选项可以选择

 

Encode = none                    编码格式

 

MailTo = root                    分析结果发送给那些人或邮件组。多个邮箱逗号隔开

 

MailFrom = Logwatch              邮件的发件人

 

Range = yesterday                处理什么时候的日志 , 可选项 All(所有) ,Yesterday(昨天) , Today(今天)

 

                                 Range = "1 hours ago for that hour"

 

                                 Range = "-7 days"

 

                                 Range = "between -7 days and -3 days"

 

                                 Range = "since March 15, 2017"

 

                                 Range = "first Friday in October"

 

                                 Range = "2017/04/15 12:50:15 for that second"

 

Detail = Low                     该参数控制着 Logwatch 报告的详细程, 可选项:Low , Med , High 也可以用0-10数字表示

 

                                 其中High、Med、Low 几个选项分别代表着10、5和0数字。

 

Service = All                    监控所有服务 all

 

Service = "-httpd"               不监控的服务前面加 “-” , 如 -httpd ,即不监控 httpd 服务 , 可以写多条

 

mailer = "/usr/sbin/sendmail -t" 发送邮件的方式(可以选sendmail,postfix,Qmail)

注意不同版本的Logwatch的参数有所区别,例如如下logwatch-7.3-9与logwatch-7.4.3的对比如下

[root@DB-Server01 ~]# sed -n "/^\s*[^#\t].*$/p" /usr/share/logwatch/default.conf/logwatch.conf

LogDir = /var/log

TmpDir = /var/cache/logwatch

MailTo = root

MailFrom = Logwatch

Print = No

Range = yesterday

Detail = Low 

Service = All

Service = "-zz-network"     # Prevents execution of zz-network service, which

                            # prints useful network configuration info.

Service = "-zz-sys"         # Prevents execution of zz-sys service, which

                            # prints useful system configuration info.

Service = "-eximstats"      # Prevents execution of eximstats service, which

                            # is a wrapper for the eximstats program.

mailer = "sendmail -t"

 

 

 

[root@DB-Server ~]# sed -n "/^\s*[^#\t].*$/p" /etc/logwatch/conf/logwatch.conf 

LogDir = /var/log

TmpDir = /var/cache/logwatch

Output = stdout

Format = text

Encode = none

MailTo = root

MailFrom = Logwatch

Range = yesterday

Detail = Low

Service = All

Service = "-zz-network"     # Prevents execution of zz-network service, which

                            # prints useful network configuration info.

Service = "-zz-sys"         # Prevents execution of zz-sys service, which

                            # prints useful system configuration info.

Service = "-eximstats"      # Prevents execution of eximstats service, which

                            # is a wrapper for the eximstats program.

mailer = "/usr/sbin/sendmail -t"

[root@DB-Server ~]#

Logwatch 并不是以系统服务形式来跑的 ,而是在/etc/cron.daily下生成了一个脚本/etc/cron.daily/0logwatch ,有些版本是一个软链 。如下所示。 当然你也可以在crontab里面设置自己的作业.如果要使用发送邮件功能,你必须提前进行配置。例如,配置sendmail。

logwatch-7.3-9

[root@mynx01 ~]# ls -l /etc/cron.daily/0logwatch

lrwxrwxrwx 1 root root 39 Apr 23  2015 /etc/cron.daily/0logwatch -> /usr/share/logwatch/scripts/logwatch.pl

 

logwatch-7.4.3

[root@DB-Server tmp]# more  /etc/cron.daily/0logwatch

#!/bin/sh

 

#Set logwatch location

LOGWATCH_SCRIPT="/usr/sbin/logwatch"

#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,

#but some are only for the nightly cronrun such as --output mail and should be set here.

#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.

OPTIONS="--output mail"

 

#Call logwatch

$LOGWATCH_SCRIPT $OPTIONS

 

exit 0

[root@DB-Server tmp]# ls -l  /etc/cron.daily/0logwatch

-rwxr-xr-x 1 root root 434 Apr 27 15:09 /etc/cron.daily/0logwatch

[root@DB-Server tmp]#

 

Logwatch的用例介绍

1: 查看logwatch的帮助信息(注意不同版本间的区别)

[root@DB-Server log]# logwatch --help

 

Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]

   [--format <format_type>] [--encode <enconding>] [--numeric]

   [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]

   [--filename <filename>] [--help|--usage] [--version] [--service <name>]

   [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]

 

--detail <level>: Report Detail Level - High, Med, Low or any #.

--logfile <name>: *Name of a logfile definition to report on.

--logdir <name>: Name of default directory where logs are stored.

--service <name>: *Name of a service definition to report on.

--output <output type>: Report Output - stdout [default], mail, file.

--format <formatting>: Report Format - text [default], html.

--encode <encoding>: Enconding to use - none [default], base64.

--mailto <addr>: Mail report to <addr>.

--archives: Use archived log files too.

--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].

--range <range>: Date range: Yesterday, Today, All, Help

                             where help will describe additional options

--numeric: Display addresses numerically rather than symbolically and numerically

           (saves  a  nameserver address-to-name lookup).

--debug <level>: Debug Level - High, Med, Low or any #.

--hostformat: Host Based Report Options - none [default], split, splitmail.

--hostlimit: Limit report to hostname - host1,host2.

--hostname: overwrites hostname

--html_wrap <num_characters>: Default is 80.

--version: Displays current version.

--help: This message.

--usage: Same as --help.

* = Switch can be specified multiple times...

2:Logwatch的使用案例:

perl /usr/share/logwatch/scripts/logwatch.pl

logwatch --service sshd --print

logwatch --detail High --Service All --range All --print

logwatch --detail High --Service All --range All --output stdout

logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /tmp/logwatch.html

注意上面有些版本不能执行,例如logwatch-7.4.3中就没有参数--print,需要用参数--output

[root@MyLinx ~]#  logwatch --service sshd --print  

 

 ################### Logwatch 7.3 (03/24/06) #################### 

        Processing Initiated: Mon Apr 24 08:11:00 2017

        Date Range Processed: yesterday

                              ( 2017-Apr-23 )

                              Period is day.

      Detail Level of Output: 10

              Type of Output: unformatted

           Logfiles for Host: xxx.xxx.xxx

  ################################################################## 

 

 --------------------- SSHD Begin ------------------------ 

 

 Users logging in through sshd:

    xxxxx:

       192.168.xxx.xxx (xxxx): 276 times

    oracle:

       192.168.xxx.xxx (xxxxx): 1 time

 

 

 Received disconnect:

    11: The user disconnected the application

       192.168.xxx.xxx : 276 Time(s)

 

 ---------------------- SSHD End ------------------------- 

 

 

 ###################### Logwatch End ######################### 

 

[root@DB-Server log]# logwatch --detail 10 --range all --service sshd --format text --output file --filename /tmp/logwatch.txt

[root@DB-Server log]# more /tmp/logwatch.txt 

 

 ################### Logwatch 7.4.3 (04/27/16) #################### 

        Processing Initiated: Thu Apr 27 17:17:42 2017

        Date Range Processed: all

        Detail Level of Output: 10

        Type of Output/Format: file / text

        Logfiles for Host: DB-Server.localdomain

 ################################################################## 

 

 --------------------- SSHD Begin ------------------------ 

 

 Couldn't resolve these IPs:

    get253194.gfg1.esquel.com(192.168.103.21): 1 Time(s)

    get253194.gfg1.esquel.com(192.168.103.26): 1 Time(s)

 

 Failed logins from:

    192.168.7.xxx: 1 time

       root/password: 1 time

 

 Users logging in through sshd:

    root:

       192.168.103.15 (xxxxx): 4 times

       192.168.103.21 (xxxxx): 4 times

       192.168.103.22 (xxxxx): 3 times

       192.168.103.26 (xxxxx): 2 times

 

 SFTP subsystem requests: 6 Time(s)

 

 ---------------------- SSHD End ------------------------- 

 

 

 ###################### Logwatch End #########################

Linux Logwatch的学习总结的更多相关文章

  1. Linux随笔-鸟哥Linux基础篇学习总结(全)

    Linux随笔-鸟哥Linux基础篇学习总结(全) 修改Linux系统语系:LANG-en_US,如果我们想让系统默认的语系变成英文的话我们可以修改系统配置文件:/etc/sysconfig/i18n ...

  2. 20135231 —— Linux 基础入门学习

    20135231 何佳 学习计时:共12小时 读书:5 代码:2 作业:2 博客:3 一.学习目标 1. 能够独立安装Linux操作系统 2. 能够熟练使用Linux系统的基本命令 3. 熟练使用Li ...

  3. Linux系统新手学习的11点建议

    随着Linux应用的扩展许多朋友开始接触Linux,根据学习Windwos的经验往往有一些茫然的感觉:不知从何处开始学起.这里介绍学习Linux的一些建议. 一.从基础开始:常常有些朋友在Linux论 ...

  4. Linux进程间通信IPC学习笔记之同步二(SVR4 信号量)

    Linux进程间通信IPC学习笔记之同步二(SVR4 信号量)

  5. Linux进程间通信IPC学习笔记之同步二(Posix 信号量)

    Linux进程间通信IPC学习笔记之同步二(Posix 信号量)

  6. Linux进程间通信IPC学习笔记之消息队列(SVR4)

    Linux进程间通信IPC学习笔记之消息队列(SVR4)

  7. Linux进程间通信IPC学习笔记之有名管道

    基础知识: 有名管道,FIFO先进先出,它是一个单向(半双工)的数据流,不同于管道的是:是最初的Unix IPC形式,可追溯到1973年的Unix第3版.使用其应注意两点: 1)有一个与路径名关联的名 ...

  8. Linux进程间通信IPC学习笔记之管道

    基础知识: 管道是最初的Unix IPC形式,可追溯到1973年的Unix第3版.使用其应注意两点: 1)没有名字: 2)用于共同祖先间的进程通信: 3)读写操作用read和write函数 #incl ...

  9. Linux防火墙iptables学习笔记(三)iptables命令详解和举例[转载]

     Linux防火墙iptables学习笔记(三)iptables命令详解和举例 2008-10-16 23:45:46 转载 网上看到这个配置讲解得还比较易懂,就转过来了,大家一起看下,希望对您工作能 ...

随机推荐

  1. [Swift]LeetCode1018. 可被 5 整除的二进制前缀 | Binary Prefix Divisible By 5

    Given an array A of 0s and 1s, consider N_i: the i-th subarray from A[0] to A[i] interpreted as a bi ...

  2. 解决 python 读取文件乱码问题(UnicodeDecodeError)

    解决 python 读取文件乱码问题(UnicodeDecodeError) 确定你的文件的编码,下面的代码将以'utf-8'为例,否则会忽略编码错误导致输出乱码 解决方案一 with open(r' ...

  3. 最近要租房子,用Python看一下房源吧..

    前言:最近我的朋友想要租房子,为了装个b,决定运用技术去帮助他. 这个网站是什么我也不知道 反正是一个房子交易网站  http://www.ljia.net/ 设置请求头 headers = {'Ac ...

  4. .net core使用EasyNetQ做EventBus

    随着SOA.微服务.CQRS的盛行,EventBus越来越流行,上GitHub搜了一下,还是有蛮多的这类实现,老牌的有NServiceBus(收费).MassTransit,最近的有CAP(国人写的, ...

  5. .net core使用RPC方式进行高效的HTTP服务访问

    传统的HTTP接口调用是一件比较繁琐的事情,特别是在Post数据的时候:不仅要拼访问的URL还是把数据序列化成流的方式给Request进行提交,获取Respons后还要对流进行解码.在实际应用虽然可以 ...

  6. TCP连接有效性检测方法

    在写TCP服务的时候经常需要面对的问题就是如何知道一个TCP连接当前是否有效,但这个问题对很多初入门的同学来说是很困惑的,主要原因是当对方关闭连接后,另一方无法有效的知道:对于同步操作来说可以通过设置 ...

  7. [linux]孤儿进程与僵尸进程

    转载自:http://www.cnblogs.com/Anker/p/3271773.html 一.前言 之前在看<unix环境高级编程>第八章进程时候,提到孤儿进程和僵尸进程,一直对这两 ...

  8. 带着萌新看springboot源码05

    上一节走了一遍从浏览器发出请求到得到向页面的流程,基本的功能是已经实现了.但是现在啊,我想自定义一个拦截器(拦截器可以做用户登录验证,如果登录了,就让你通过,如果没有登录,就重定向登录页面),这里就不 ...

  9. tensorflow机器学习模型的跨平台上线

    在用PMML实现机器学习模型的跨平台上线中,我们讨论了使用PMML文件来实现跨平台模型上线的方法,这个方法当然也适用于tensorflow生成的模型,但是由于tensorflow模型往往较大,使用无法 ...

  10. Java开发知识之XML文档使用,解析

    目录 XML文件详解 一丶XML简介 1.文档结构 2.XML中的元素(Element)或者叫做标签(Tab).属性 文本内容. 节点(Node) 3.XML语法规则 二丶XML文档解析 三丶使用XP ...