Linux Logwatch的学习总结

栏目: Perl · 发布时间: 7年前

内容简介:Linux Logwatch的学习总结

Logwatch 功能介绍

Logwatch是一款 Perl 脚本编写的、开源的日志分析工具。它能对原始的日志文件进行解析并转换成结构化格式的文档,也能根据您的使用情况和需求来定制报告。Logwatch的特点是配置简单、监控、分析日志方便,而且可以对某些功能进行定制化。 项目源码位于 https://sourceforge.net/projects/logwatch/

LogWatch的官文档介绍:

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish.

Logwatch 安装升级

1 : 查看是否安装Logwatch组件

[root@DB-Server ~]# rpm -qa | grep logwatch
logwatch-7.3-9.el5_6

2: Logwatch 的安装、升级、卸载

2.1.1 Logwatch 的RPM安装

[root@DB-Server Server]# rpm -ivh logwatch-7.3-9.el5_6.noarch.rpm
warning: logwatch-7.3-9.el5_6.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package logwatch-7.3-9.el5_6.noarch is already installed
[root@DB-Server Server]#
 
 
 
[root@DB-Server Server]# yum install logwatch

2.1.2 Logwatch 的源码安装

[root@DB-Server tmp]# tar -xzvf logwatch-7.4.3.tar.gz
[root@DB-Server tmp]# cd logwatch-7.4.3
[root@DB-Server logwatch-7.4.3]# ./install_logwatch.sh
#################################
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir [/usr/share/logwatch] : 
### Using /usr/share/logwatch
Enter the path for the Logwatch ConfigDir [/etc/logwatch] : 
### Using /etc/logwatch
Enter the dir name to be used for temp files [/var/cache/logwatch] : 
### Using /var/cache/logwatch
Enter the location of perl [/usr/bin/perl] : 
### Using /usr/bin/perl
Enter the dir name to used for the manpage [/usr/share/man] : 
### Using /usr/share/man
### Installing
Created symlink for /usr/sbin/logwatch 
Created /etc/cron.daily/0logwatch 

Linux Logwatch的学习总结

2.2 Logwatch 的卸载

[root@DB-Server Server]# rpm -e logwatch-7.3-9.el5_6

2.2 Logwatch 的升级

[root@DB-Server Server]#rpm -Uvh logwatch***.rpm

Logwatch 的配置介绍

Logwatch的配置文件为 /etc/logwatch/conf/logwatch.conf ,初始安装后,这个配置文件是空的。你可以将配置文件的模板拷贝过来,如果不做这一步,就会默认使用/usr/share/logwatch/default.conf/logwatch.conf 这个配置文件。

[root@DB-Server ~]# more  /etc/logwatch/conf/logwatch.conf
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
[root@DB-Server ~]# cp  /usr/share/logwatch/default.conf/logwatch.conf  /etc/logwatch/conf/logwatch.conf
cp: overwrite `/etc/logwatch/conf/logwatch.conf'? yes

配置的具体参数介绍:

LogDir = /var/log                系统日志或需要分析日志所在路径
 
TmpDir = /var/cache/logwatch     临时文件位置
 
Output = stdout                  输出格式(stdout 屏幕上显示)
 
Format = text                    输出格式,有text、html选项可以选择
 
Encode = none                    编码格式
 
MailTo = root                    分析结果发送给那些人或邮件组。多个邮箱逗号隔开
 
MailFrom = Logwatch              邮件的发件人
 
Range = yesterday                处理什么时候的日志 , 可选项 All(所有) ,Yesterday(昨天) , Today(今天)
 
                                 Range = "1 hours ago for that hour"
 
                                 Range = "-7 days"
 
                                 Range = "between -7 days and -3 days"
 
                                 Range = "since March 15, 2017"
 
                                 Range = "first Friday in October"
 
                                 Range = "2017/04/15 12:50:15 for that second"
 
Detail = Low                     该参数控制着 Logwatch 报告的详细程, 可选项:Low , Med , High 也可以用0-10数字表示
 
                                 其中High、Med、Low 几个选项分别代表着10、5和0数字。
 
Service = All                    监控所有服务 all
 
Service = "-httpd"               不监控的服务前面加 “-” , 如 -httpd ,即不监控 httpd 服务 , 可以写多条
 
mailer = "/usr/sbin/sendmail -t" 发送邮件的方式(可以选sendmail,postfix,Qmail)

注意不同版本的Logwatch的参数有所区别,例如如下logwatch-7.3-9与logwatch-7.4.3的对比如下

[root@DB-Server01 ~]# sed -n "/^\s*[^#\t].*$/p" /usr/share/logwatch/default.conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print = No
Range = yesterday
Detail = Low 
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "sendmail -t"
 
 
 
[root@DB-Server ~]# sed -n "/^\s*[^#\t].*$/p" /etc/logwatch/conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "/usr/sbin/sendmail -t"
[root@DB-Server ~]# 

Linux Logwatch的学习总结

Logwatch 并不是以系统服务形式来跑的 ,而是在/etc/cron.daily下生成了一个脚本/etc/cron.daily/0logwatch ,有些版本是一个软链 。如下所示。 当然你也可以在crontab里面设置自己的作业.如果要使用发送邮件功能,你必须提前进行配置。例如,配置sendmail。

logwatch-7.3-9

[root@mynx01 ~]# ls -l /etc/cron.daily/0logwatch
lrwxrwxrwx 1 root root 39 Apr 23  2015 /etc/cron.daily/0logwatch -> /usr/share/logwatch/scripts/logwatch.pl

logwatch-7.4.3

[root@DB-Server tmp]# more  /etc/cron.daily/0logwatch
#!/bin/sh
 
#Set logwatch location
LOGWATCH_SCRIPT="/usr/sbin/logwatch"
#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,
#but some are only for the nightly cronrun such as --output mail and should be set here.
#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.
OPTIONS="--output mail"
 
#Call logwatch
$LOGWATCH_SCRIPT $OPTIONS
 
exit 0
[root@DB-Server tmp]# ls -l  /etc/cron.daily/0logwatch
-rwxr-xr-x 1 root root 434 Apr 27 15:09 /etc/cron.daily/0logwatch
[root@DB-Server tmp]# 

Logwatch 的用例介绍

1: 查看logwatch的帮助信息(注意不同版本间的区别)

[root@DB-Server log]# logwatch --help
 
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]
   [--format <format_type>] [--encode <enconding>] [--numeric]
   [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
   [--filename <filename>] [--help|--usage] [--version] [--service <name>]
   [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]
 
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--output <output type>: Report Output - stdout [default], mail, file.
--format <formatting>: Report Format - text [default], html.
--encode <encoding>: Enconding to use - none [default], base64.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].
--range <range>: Date range: Yesterday, Today, All, Help
                             where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
           (saves  a  nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
--hostformat: Host Based Report Options - none [default], split, splitmail.
--hostlimit: Limit report to hostname - host1,host2.
--hostname: overwrites hostname
--html_wrap <num_characters>: Default is 80.
--version: Displays current version.
--help: This message.
--usage: Same as --help.
* = Switch can be specified multiple times...

2:Logwatch的使用案例:

perl /usr/share/logwatch/scripts/logwatch.pl

logwatch --service sshd --print

logwatch --detail High --Service All --range All --print

logwatch --detail High --Service All --range All --output stdout

logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /tmp/logwatch.html

注意上面有些版本不能执行,例如logwatch-7.4.3中就没有参数--print,需要用参数--output

[root@MyLinx ~]#  logwatch --service sshd --print 
 
 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Mon Apr 24 08:11:00 2017
        Date Range Processed: yesterday
                              ( 2017-Apr-23 )
                              Period is day.
      Detail Level of Output: 10
              Type of Output: unformatted
           Logfiles for Host: xxx.xxx.xxx
  ##################################################################
 
 --------------------- SSHD Begin ------------------------ 
 
 Users logging in through sshd:
    xxxxx:
       192.168.xxx.xxx (xxxx): 276 times
    oracle:
       192.168.xxx.xxx (xxxxx): 1 time
 
 
 Received disconnect:
    11: The user disconnected the application
       192.168.xxx.xxx : 276 Time(s)
 
 ---------------------- SSHD End ------------------------- 
 
 
 ###################### Logwatch End #########################
 
[root@DB-Server log]# logwatch --detail 10 --range all --service sshd --format text --output file --filename /tmp/logwatch.txt
[root@DB-Server log]# more /tmp/logwatch.txt
 
 ################### Logwatch 7.4.3 (04/27/16) ####################
        Processing Initiated: Thu Apr 27 17:17:42 2017
        Date Range Processed: all
        Detail Level of Output: 10
        Type of Output/Format: file / text
        Logfiles for Host: DB-Server.localdomain
 ##################################################################
 
 --------------------- SSHD Begin ------------------------ 
 
 Couldn't resolve these IPs:
    get253194.gfg1.esquel.com(192.168.103.21): 1 Time(s)
    get253194.gfg1.esquel.com(192.168.103.26): 1 Time(s)
 
 Failed logins from:
    192.168.7.xxx: 1 time
       root/password: 1 time
 
 Users logging in through sshd:
    root:
       192.168.103.15 (xxxxx): 4 times
       192.168.103.21 (xxxxx): 4 times
       192.168.103.22 (xxxxx): 3 times
       192.168.103.26 (xxxxx): 2 times
 
 SFTP subsystem requests: 6 Time(s)
 
 ---------------------- SSHD End ------------------------- 
 
 
 ###################### Logwatch End #########################

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

社交天性

社交天性

[美] 马修·利伯曼(Matthew D. Lieberman) / 贾拥民 / 浙江人民出版社 / 2016-6 / 69.90

[内容简介] ● 《社交天性》是社会心理学家马修·利伯曼解读人类“社会脑”的权威之作,它告诉我们为什么在充满合作与竞争的智慧社会中人们喜爱社交又相互连接,个人的社会影响力如何得以发挥,书中处处充满了令人惊喜的洞见。 ● 为什么有的人天生善于社交,而有的人总是充满障碍? 为什么智商越高的人越难相处? 心痛对人的伤害甚至超过头痛? 慈善组织如何激发人们的捐赠行为? ......一起来看看 《社交天性》 这本书的介绍吧!

SHA 加密
SHA 加密

SHA 加密工具

Markdown 在线编辑器
Markdown 在线编辑器

Markdown 在线编辑器