Summary: notes on Linux Logwatch
Logwatch overview
Logwatch is an open-source log analysis tool written as a set of Perl scripts. It parses raw log files into a structured report and lets you tailor that report to your environment and needs. Its strengths are simple configuration, convenient log monitoring and analysis, and the ability to customize individual parts of the report. The project source is hosted at https://sourceforge.net/projects/logwatch/ .
The official Logwatch documentation describes it as follows:
Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish.
Installing and upgrading Logwatch
1: Check whether Logwatch is installed
[root@DB-Server ~]# rpm -qa | grep logwatch
logwatch-7.3-9.el5_6
2: Installing, upgrading and uninstalling Logwatch
2.1.1 Installing Logwatch from an RPM
[root@DB-Server Server]# rpm -ivh logwatch-7.3-9.el5_6.noarch.rpm
warning: logwatch-7.3-9.el5_6.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package logwatch-7.3-9.el5_6.noarch is already installed
[root@DB-Server Server]#
[root@DB-Server Server]# yum install logwatch
The NOKEY warning means rpm could not verify the package signature because the signing key (ID 37017186 here) is not in its keyring, and the package was accepted anyway. Before installing a package by hand as root, import the vendor's key with rpm --import and check the file with rpm -K so that the signature actually verifies. Installing through yum, as in the last command, also resolves dependencies and, with gpgcheck enabled for the repository, verifies the signature against the repository's configured key.
2.1.2 Installing Logwatch from source
[root@DB-Server tmp]# tar -xzvf logwatch-7.4.3.tar.gz
[root@DB-Server tmp]# cd logwatch-7.4.3
[root@DB-Server logwatch-7.4.3]# ./install_logwatch.sh
#################################
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir [/usr/share/logwatch] :
### Using /usr/share/logwatch
Enter the path for the Logwatch ConfigDir [/etc/logwatch] :
### Using /etc/logwatch
Enter the dir name to be used for temp files [/var/cache/logwatch] :
### Using /var/cache/logwatch
Enter the location of perl [/usr/bin/perl] :
### Using /usr/bin/perl
Enter the dir name to used for the manpage [/usr/share/man] :
### Using /usr/share/man
### Installing
Created symlink for /usr/sbin/logwatch
Created /etc/cron.daily/0logwatch
The installer writes into /usr/sbin and /etc/cron.daily and the result runs from root's cron every day, so verify the tarball you downloaded against the checksum published by the project before running the script.
2.2 Uninstalling Logwatch
[root@DB-Server Server]# rpm -e logwatch-7.3-9.el5_6
2.3 Upgrading Logwatch
[root@DB-Server Server]# rpm -Uvh logwatch***.rpm
Logwatch configuration
Logwatch's local configuration file is /etc/logwatch/conf/logwatch.conf. After a fresh install it contains nothing but a comment: every setting is then taken from the defaults in /usr/share/logwatch/default.conf/logwatch.conf, and anything you put in the local file overrides the corresponding default. The easiest way to start is to copy the default file over the local one and edit it; if you skip this step, the defaults apply unchanged.
[root@DB-Server ~]# more /etc/logwatch/conf/logwatch.conf
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
[root@DB-Server ~]# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf
cp: overwrite `/etc/logwatch/conf/logwatch.conf'? yes
The main configuration parameters:
LogDir = /var/log                  directory containing the logs to analyse (the system log directory by default)
TmpDir = /var/cache/logwatch       location for temporary files
Output = stdout                    where the report goes: stdout (printed to the terminal), mail or file
Format = text                      report format: text or html
Encode = none                      encoding of the report: none or base64
MailTo = root                      recipients of the report; separate several addresses or lists with commas
MailFrom = Logwatch                sender address on the report mail
Range = yesterday                  period of logs to process: All, Yesterday or Today, or one of the more specific forms below
Range = "1 hours ago for that hour"
Range = "-7 days"
Range = "between -7 days and -3 days"
Range = "since March 15, 2017"
Range = "first Friday in October"
Range = "2017/04/15 12:50:15 for that second"
Detail = Low                       level of detail in the report: Low, Med or High, or a number from 0 to 10 (Low, Med and High correspond to 0, 5 and 10)
Service = All                      analyse all services
Service = "-httpd"                 a leading "-" excludes a service (here httpd); repeat the line once per service to exclude
mailer = "/usr/sbin/sendmail -t"   command used to send the report; any sendmail-compatible MTA works (Postfix and qmail both provide a sendmail wrapper)
Note that the parameters differ between Logwatch versions. For example, the default file of logwatch-7.3-9 and the (copied) configuration of logwatch-7.4.3 compare as follows; the sed command prints only the lines that are not comments:
logwatch-7.3-9:
[root@DB-Server01 ~]# sed -n "/^\s*[^#\t].*$/p" /usr/share/logwatch/default.conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print = No
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "sendmail -t"
logwatch-7.4.3:
[root@DB-Server ~]# sed -n "/^\s*[^#\t].*$/p" /etc/logwatch/conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "/usr/sbin/sendmail -t"
[root@DB-Server ~]#
The visible difference is that 7.3 has a single Print switch (print to the screen instead of mailing), while 7.4.3 replaces it with the Output, Format and Encode settings.
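To make the override behaviour described above concrete, here is an added example (not Logwatch's own parser) that reads a default file and a local file in the key = value syntax shown on this page, overlays them, and works out which services the accumulated Service lines leave enabled. The file contents and the list of available service names are constructed from values on this page; treating keys case-insensitively and applying the local file after the defaults are assumptions about Logwatch's behaviour.

```python
"""Resolve the configuration Logwatch ends up with from default.conf plus the
local override file.  This is an added example, not Logwatch's own parser: it
follows the rules the page gives (key = value lines, '#' comments, quoted
values, repeated Service lines that accumulate, a leading '-' that excludes a
service); treating keys case-insensitively and applying the local file after
the defaults are assumptions about Logwatch's behaviour."""
import re

# Constructed stand-ins for /usr/share/logwatch/default.conf/logwatch.conf and
# /etc/logwatch/conf/logwatch.conf; the values are taken from the page.
DEFAULT_CONF = """
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
MailTo = root
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"   # Prevents execution of zz-network service
Service = "-zz-sys"
Service = "-eximstats"
mailer = "/usr/sbin/sendmail -t"
"""

LOCAL_CONF = """
# Local configuration options go here
Output = mail
Detail = High
Service = "-zz-disk_space"
"""

# Constructed list of service definitions, standing in for the files under
# /usr/share/logwatch/default.conf/services/.
AVAILABLE_SERVICES = ["sshd", "http", "postfix", "zz-disk_space",
                      "zz-network", "zz-sys", "eximstats"]

LINE_RE = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*("([^"]*)"|[^#]*?)\s*(#.*)?$')


def parse_conf(text):
    """Return {key: value}; the 'service' key collects every Service line in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        key = m.group(1).lower()
        value = m.group(3) if m.group(3) is not None else m.group(2).strip()
        if key == "service":
            conf.setdefault("service", []).append(value)
        else:
            conf[key] = value          # a later definition overrides an earlier one
    return conf


def merge(*layers):
    """Overlay configs: scalar keys from later layers win, Service lines append."""
    merged = {}
    for layer in layers:
        for key, value in layer.items():
            if key == "service":
                merged.setdefault("service", []).extend(value)
            else:
                merged[key] = value
    return merged


def effective_services(conf, available):
    """Apply the Service lines in order: 'All' selects every known service,
    '-name' drops one, a bare name adds one.  A name that does not exist is an
    error, because a typo such as '-htpd' would otherwise leave the service
    enabled without any warning."""
    selected = []
    for entry in conf.get("service", []):
        if entry.lower() == "all":
            selected = list(available)
        elif entry.startswith("-"):
            name = entry[1:]
            if name not in available:
                raise ValueError(f"excluded service {name!r} does not exist")
            selected = [s for s in selected if s != name]
        else:
            if entry not in available:
                raise ValueError(f"service {entry!r} does not exist")
            if entry not in selected:
                selected.append(entry)
    return selected


def resolve(default_text, local_text, available):
    """Effective configuration and service list for a default/local file pair."""
    conf = merge(parse_conf(default_text), parse_conf(local_text))
    return conf, effective_services(conf, available)


if __name__ == "__main__":
    conf, services = resolve(DEFAULT_CONF, LOCAL_CONF, AVAILABLE_SERVICES)
    for key in ("output", "format", "detail", "range", "mailer"):
        print(f"{key:<8} = {conf[key]}")
    print("services:", ", ".join(services))
```

Running it prints the merged values (Output and Detail from the local file, everything else from the defaults) and the service list sshd, http, postfix: the three zz-/exim exclusions from the defaults still apply after the local file adds its own. Feeding it an empty local file gives the defaults unchanged, which is what a freshly installed Logwatch runs with.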
Logwatch does not run as a system service. The installer drops a script at /etc/cron.daily/0logwatch (in some versions a symlink), which cron runs once a day, as shown below. You can of course schedule your own job in crontab instead. To use the mail output you must set up mail delivery beforehand, for example by configuring sendmail. The daily report lists user names, source addresses and failed-login details, so make sure it is delivered only to recipients you trust, and check that the mail actually arrives: a broken mailer means the reports silently go nowhere.
logwatch-7.3-9
[root@mynx01 ~]# ls -l /etc/cron.daily/0logwatch
lrwxrwxrwx 1 root root 39 Apr 23  2015 /etc/cron.daily/0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
logwatch-7.4.3
[root@DB-Server tmp]# more /etc/cron.daily/0logwatch
#!/bin/sh

#Set logwatch location
LOGWATCH_SCRIPT="/usr/sbin/logwatch"
#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,
#but some are only for the nightly cronrun such as --output mail and should be set here.
#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.
OPTIONS="--output mail"

#Call logwatch
$LOGWATCH_SCRIPT $OPTIONS

exit 0
[root@DB-Server tmp]# ls -l /etc/cron.daily/0logwatch
-rwxr-xr-x 1 root root 434 Apr 27 15:09 /etc/cron.daily/0logwatch
[root@DB-Server tmp]#
Logwatch usage examples
1: Show the Logwatch help (note the differences between versions)
[root@DB-Server log]# logwatch --help
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>]
   [--output <output_type>] [--format <format_type>] [--encode <enconding>]
   [--numeric] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
   [--filename <filename>] [--help|--usage] [--version] [--service <name>]
   [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]

--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--output <output type>: Report Output - stdout [default], mail, file.
--format <formatting>: Report Format - text [default], html.
--encode <encoding>: Enconding to use - none [default], base64.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
--filename <filename>: Used to specify they filename to save to.
--filename <filename> [Forces output to file].
--range <range>: Date range: Yesterday, Today, All, Help
                             where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
           (saves a nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
--hostformat: Host Based Report Options - none [default], split, splitmail.
--hostlimit: Limit report to hostname - host1,host2.
--hostname: overwrites hostname
--html_wrap <num_characters>: Default is 80.
--version: Displays current version.
--help: This message.
--usage: Same as --help.
* = Switch can be specified multiple times...
2: Example invocations:
perl /usr/share/logwatch/scripts/logwatch.pl
logwatch --service sshd --print
logwatch --detail High --Service All --range All --print
logwatch --detail High --Service All --range All --output stdout
logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /tmp/logwatch.html
Note that not all of these run on every version: logwatch-7.4.3, for example, no longer has the --print option, and you have to use --output instead.
[root@MyLinx ~]# logwatch --service sshd --print
 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Mon Apr 24 08:11:00 2017
        Date Range Processed: yesterday
                              ( 2017-Apr-23 )
                              Period is day.
      Detail Level of Output: 10
              Type of Output: unformatted
           Logfiles for Host: xxx.xxx.xxx
 ##################################################################

 --------------------- SSHD Begin ------------------------

 Users logging in through sshd:
    xxxxx:
       192.168.xxx.xxx (xxxx): 276 times
    oracle:
       192.168.xxx.xxx (xxxxx): 1 time

 Received disconnect:
    11: The user disconnected the application
       192.168.xxx.xxx : 276 Time(s)

 ---------------------- SSHD End -------------------------

 ###################### Logwatch End #########################

[root@DB-Server log]# logwatch --detail 10 --range all --service sshd --format text --output file --filename /tmp/logwatch.txt
[root@DB-Server log]# more /tmp/logwatch.txt
 ################### Logwatch 7.4.3 (04/27/16) ####################
        Processing Initiated: Thu Apr 27 17:17:42 2017
        Date Range Processed: all
      Detail Level of Output: 10
       Type of Output/Format: file / text
           Logfiles for Host: DB-Server.localdomain
 ##################################################################

 --------------------- SSHD Begin ------------------------

 Couldn't resolve these IPs:
    get253194.gfg1.esquel.com(192.168.103.21): 1 Time(s)
    get253194.gfg1.esquel.com(192.168.103.26): 1 Time(s)

 Failed logins from:
    192.168.7.xxx: 1 time
       root/password: 1 time

 Users logging in through sshd:
    root:
       192.168.103.15 (xxxxx): 4 times
       192.168.103.21 (xxxxx): 4 times
       192.168.103.22 (xxxxx): 3 times
       192.168.103.26 (xxxxx): 2 times

 SFTP subsystem requests: 6 Time(s)

 ---------------------- SSHD End -------------------------

 ###################### Logwatch End #########################
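The SSHD sections above are what Logwatch's sshd service script distils out of /var/log/secure. To show what that summary is built from, and which lines in it deserve a second look (root logging in with a password, repeated failures from one address, probes for accounts that do not exist), here is an added example that is not Logwatch's code: it reduces a handful of constructed sshd log lines in the syslog/OpenSSH format to the same kind of report for a chosen day. Selecting the day by its "Mon dd" prefix, because syslog timestamps carry no year, and the alert threshold in findings() are this example's own choices.

```python
"""Summarise one day of sshd log lines the way the Logwatch SSHD section does.
Added example, not Logwatch's sshd service script.  The log lines are
constructed in the syslog/OpenSSH format of /var/log/secure; selecting the day
by its 'Mon dd' prefix (syslog timestamps carry no year) and the alert
thresholds in findings() are this example's own choices."""
import re
from collections import Counter, defaultdict
from datetime import date

SAMPLE_LOG = """\
Apr 26 09:01:12 DB-Server sshd[2231]: Accepted password for root from 192.168.103.15 port 51022 ssh2
Apr 26 09:02:40 DB-Server sshd[2240]: Accepted publickey for oracle from 192.168.103.21 port 51030 ssh2
Apr 26 09:05:03 DB-Server sshd[2255]: Failed password for root from 192.168.7.9 port 40120 ssh2
Apr 26 09:05:07 DB-Server sshd[2255]: Failed password for root from 192.168.7.9 port 40120 ssh2
Apr 26 09:05:11 DB-Server sshd[2256]: Failed password for invalid user admin from 192.168.7.9 port 40122 ssh2
Apr 26 09:06:00 DB-Server sshd[2231]: Received disconnect from 192.168.103.15: 11: The user disconnected the application
Apr 26 09:10:30 DB-Server sshd[2270]: subsystem request for sftp
Apr 27 08:00:00 DB-Server sshd[2300]: Accepted password for root from 192.168.103.22 port 51100 ssh2
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")
FAILED = re.compile(r"sshd\[\d+\]: Failed (\w+) for (invalid user )?(\S+) from (\S+) port \d+")
DISCONNECT = re.compile(r"sshd\[\d+\]: Received disconnect from ([^\s:]+): (\d+):")
SFTP = re.compile(r"sshd\[\d+\]: subsystem request for sftp")


def in_range(line, day):
    """Range filter: keep lines stamped with the given day (syslog pads the day with a space)."""
    return line.startswith(f"{day:%b} {day.day:2d}")


def summarize(log_text, day):
    """Count logins, failures, disconnects and SFTP requests for one day."""
    s = {
        "logins": defaultdict(Counter),   # user -> source -> count
        "failed_from": Counter(),         # source -> count
        "failed_users": Counter(),        # "user/method" -> count
        "invalid_users": Counter(),       # user names that do not exist
        "disconnects": Counter(),         # source -> count
        "sftp_requests": 0,
    }
    for line in log_text.splitlines():
        if not in_range(line, day):
            continue
        if m := ACCEPTED.search(line):
            _method, user, src = m.groups()
            s["logins"][user][src] += 1
        elif m := FAILED.search(line):
            method, invalid, user, src = m.groups()
            s["failed_from"][src] += 1
            s["failed_users"][f"{user}/{method}"] += 1
            if invalid:
                s["invalid_users"][user] += 1
        elif m := DISCONNECT.search(line):
            s["disconnects"][m.group(1)] += 1
        elif SFTP.search(line):
            s["sftp_requests"] += 1
    return s


def findings(s, max_failures=3):
    """What a reader of the report should act on: root logging in over SSH,
    sources with repeated failures, and probes for accounts that do not exist."""
    out = []
    for src, n in s["logins"].get("root", {}).items():
        out.append(f"root logged in from {src} ({n} time(s))")
    for src, n in s["failed_from"].items():
        if n >= max_failures:
            out.append(f"{n} failed logins from {src}")
    for user in s["invalid_users"]:
        out.append(f"login attempt for non-existent user {user!r}")
    return out


def format_report(s):
    """Render the counts in the layout of the Logwatch SSHD section."""
    lines = ["--------------------- SSHD Begin ------------------------", ""]
    if s["failed_from"]:
        lines.append("Failed logins from:")
        lines += [f"   {src}: {n} time(s)" for src, n in s["failed_from"].most_common()]
        lines += [f"      {key}: {n} time(s)" for key, n in s["failed_users"].most_common()]
        lines.append("")
    if s["logins"]:
        lines.append("Users logging in through sshd:")
        for user, sources in sorted(s["logins"].items()):
            lines.append(f"   {user}:")
            lines += [f"      {src}: {n} time(s)" for src, n in sources.most_common()]
        lines.append("")
    for src, n in s["disconnects"].items():
        lines.append(f"Received disconnect from {src}: {n} time(s)")
    if s["sftp_requests"]:
        lines.append(f"SFTP subsystem requests: {s['sftp_requests']} time(s)")
    lines += ["", "---------------------- SSHD End -------------------------"]
    return "\n".join(lines)


if __name__ == "__main__":
    day = date(2017, 4, 26)
    summary = summarize(SAMPLE_LOG, day)
    print(format_report(summary))
    for item in findings(summary):
        print("CHECK:", item)
```

Run as is, it prints the SSHD-style block for 26 April and then three CHECK lines: the root password login from 192.168.103.15, the three failures from 192.168.7.9, and the probe for the non-existent user admin. Asking for 27 April instead yields only the single root login from 192.168.103.22, which is the same effect the Range setting has on the real report.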