Linux Logwatch Study Notes

Category: Perl · Published: 6 years ago


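Logwatch Overview

Logwatch is an open-source log analysis tool written in Perl. It parses raw log files and converts them into a structured report, and the report can be customized to your usage and needs. Logwatch is simple to configure, makes monitoring and analysing logs convenient, and allows some of its functions to be customized. The project source is at https://sourceforge.net/projects/logwatch/

The official Logwatch documentation describes it as follows: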

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish.

Installing and Upgrading Logwatch

1: Check whether the Logwatch package is installed

[root@DB-Server ~]# rpm -qa | grep logwatch
logwatch-7.3-9.el5_6

2: Installing, upgrading and uninstalling Logwatch

2.1.1 Installing Logwatch from RPM

[root@DB-Server Server]# rpm -ivh logwatch-7.3-9.el5_6.noarch.rpm
warning: logwatch-7.3-9.el5_6.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package logwatch-7.3-9.el5_6.noarch is already installed
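[root@DB-Server Server]#

The NOKEY warning above means the package's signing key is not in the RPM keyring, so the signature could not be checked. Import the distribution's package-signing key first, or install from the configured repositories with yum:

[root@DB-Server Server]# yum install logwatch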

2.1.2 Installing Logwatch from source

[root@DB-Server tmp]# tar -xzvf logwatch-7.4.3.tar.gz
[root@DB-Server tmp]# cd logwatch-7.4.3
[root@DB-Server logwatch-7.4.3]# ./install_logwatch.sh
#################################
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir [/usr/share/logwatch] : 
### Using /usr/share/logwatch
Enter the path for the Logwatch ConfigDir [/etc/logwatch] : 
### Using /etc/logwatch
Enter the dir name to be used for temp files [/var/cache/logwatch] : 
### Using /var/cache/logwatch
Enter the location of perl [/usr/bin/perl] : 
### Using /usr/bin/perl
Enter the dir name to used for the manpage [/usr/share/man] : 
### Using /usr/share/man
### Installing
Created symlink for /usr/sbin/logwatch 
Created /etc/cron.daily/0logwatch 


2.2 Uninstalling Logwatch

[root@DB-Server Server]# rpm -e logwatch-7.3-9.el5_6

2.3 Upgrading Logwatch

[root@DB-Server Server]# rpm -Uvh logwatch***.rpm

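Logwatch Configuration

The Logwatch configuration file is /etc/logwatch/conf/logwatch.conf. After a fresh install this file is empty. You can copy the configuration template into place; if you skip this step, the defaults in /usr/share/logwatch/default.conf/logwatch.conf are used.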

[root@DB-Server ~]# more  /etc/logwatch/conf/logwatch.conf
# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)
[root@DB-Server ~]# cp  /usr/share/logwatch/default.conf/logwatch.conf  /etc/logwatch/conf/logwatch.conf
cp: overwrite `/etc/logwatch/conf/logwatch.conf'? yes

The configuration parameters in detail:

LogDir = /var/log                Path of the system logs, or of the logs to be analysed

TmpDir = /var/cache/logwatch     Location of temporary files

Output = stdout                  Output type (stdout prints to the screen)

Format = text                    Output format; text or html

Encode = none                    Encoding

MailTo = root                    People or mail groups that receive the report; separate multiple addresses with commas

MailFrom = Logwatch              Sender of the mail

Range = yesterday                Which period of logs to process. Options: All, Yesterday, Today

                                 Range = "1 hours ago for that hour"

                                 Range = "-7 days"

                                 Range = "between -7 days and -3 days"

                                 Range = "since March 15, 2017"

                                 Range = "first Friday in October"

                                 Range = "2017/04/15 12:50:15 for that second"

Detail = Low                     Controls the level of detail of the Logwatch report. Options: Low, Med, High, or a number from 0 to 10

                                 High, Med and Low correspond to 10, 5 and 0.

Service = All                    Monitor all services

Service = "-httpd"               Prefix a service with "-" to exclude it, e.g. -httpd means the httpd service is not monitored; may be given multiple times

mailer = "/usr/sbin/sendmail -t" How the mail is sent (sendmail, postfix or Qmail can be used)

Note that the parameters differ between Logwatch versions. For example, compare logwatch-7.3-9 with logwatch-7.4.3:

[root@DB-Server01 ~]# sed -n "/^\s*[^#\t].*$/p" /usr/share/logwatch/default.conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print = No
Range = yesterday
Detail = Low 
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "sendmail -t"
 
 
 
[root@DB-Server ~]# sed -n "/^\s*[^#\t].*$/p" /etc/logwatch/conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
mailer = "/usr/sbin/sendmail -t"
[root@DB-Server ~]# 
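The version difference between the two listings can be checked mechanically before a logwatch.conf is carried from one host to another. The script below is an added example, not part of the original post or of Logwatch; `keys_only_in` and `CONF_DIR` are hypothetical names, and the two sample files are constructed from the active lines shown above.

```shell
#!/bin/sh
# Added example: compare the active setting names in two logwatch.conf files.

# Keys set in file $1 but absent from file $2, sorted, on one line.
keys_only_in() {
    LC_ALL=C awk -F= '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        NF < 2         { next }                 # not a "key = value" line
        { key = $1; gsub(/[ \t]/, "", key) }
        FILENAME == ARGV[1] { other[key] = 1; next }   # keys of the file to subtract
        !(key in other) && !seen[key]++ { print key }
    ' "$2" "$1" | LC_ALL=C sort | paste -sd' ' -
}

# Constructed samples: active lines of the two listings above.
CONF_DIR=$(mktemp -d)
cat > "$CONF_DIR/logwatch-7.3.conf" <<'EOF'
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print = No
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
mailer = "sendmail -t"
EOF
cat > "$CONF_DIR/logwatch-7.4.3.conf" <<'EOF'
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
mailer = "/usr/sbin/sendmail -t"
EOF

echo "only in 7.3:   $(keys_only_in "$CONF_DIR/logwatch-7.3.conf" "$CONF_DIR/logwatch-7.4.3.conf")"
echo "only in 7.4.3: $(keys_only_in "$CONF_DIR/logwatch-7.4.3.conf" "$CONF_DIR/logwatch-7.3.conf")"
```

On a real host, pass /usr/share/logwatch/default.conf/logwatch.conf from each machine instead of the sample files.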

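Logwatch does not run as a system service. Instead, installation creates the script /etc/cron.daily/0logwatch under /etc/cron.daily; in some versions it is a symlink, as shown below. You can of course also set up your own job in crontab. To use the mail feature you must configure mail delivery beforehand, for example by configuring sendmail.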

logwatch-7.3-9

[root@mynx01 ~]# ls -l /etc/cron.daily/0logwatch
lrwxrwxrwx 1 root root 39 Apr 23  2015 /etc/cron.daily/0logwatch -> /usr/share/logwatch/scripts/logwatch.pl

logwatch-7.4.3

[root@DB-Server tmp]# more  /etc/cron.daily/0logwatch
#!/bin/sh
 
#Set logwatch location
LOGWATCH_SCRIPT="/usr/sbin/logwatch"
#Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf,
#but some are only for the nightly cronrun such as --output mail and should be set here.
#Other options to consider might be "--format html" or "--encode base64", man logwatch for more details.
OPTIONS="--output mail"
 
#Call logwatch
$LOGWATCH_SCRIPT $OPTIONS
 
exit 0
[root@DB-Server tmp]# ls -l  /etc/cron.daily/0logwatch
-rwxr-xr-x 1 root root 434 Apr 27 15:09 /etc/cron.daily/0logwatch
[root@DB-Server tmp]# 

Logwatch Usage Examples

1: View the logwatch help (note the differences between versions)

[root@DB-Server log]# logwatch --help
 
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]
   [--format <format_type>] [--encode <enconding>] [--numeric]
   [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
   [--filename <filename>] [--help|--usage] [--version] [--service <name>]
   [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]
 
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--output <output type>: Report Output - stdout [default], mail, file.
--format <formatting>: Report Format - text [default], html.
--encode <encoding>: Enconding to use - none [default], base64.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].
--range <range>: Date range: Yesterday, Today, All, Help
                             where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
           (saves  a  nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
--hostformat: Host Based Report Options - none [default], split, splitmail.
--hostlimit: Limit report to hostname - host1,host2.
--hostname: overwrites hostname
--html_wrap <num_characters>: Default is 80.
--version: Displays current version.
--help: This message.
--usage: Same as --help.
* = Switch can be specified multiple times...

2: Logwatch usage examples:

perl /usr/share/logwatch/scripts/logwatch.pl

logwatch --service sshd --print

logwatch --detail High --Service All --range All --print

logwatch --detail High --Service All --range All --output stdout

logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /tmp/logwatch.html

Note that some of the commands above do not run on every version. For example, logwatch-7.4.3 has no --print option; use --output instead.

[root@MyLinx ~]#  logwatch --service sshd --print 
 
 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Mon Apr 24 08:11:00 2017
        Date Range Processed: yesterday
                              ( 2017-Apr-23 )
                              Period is day.
      Detail Level of Output: 10
              Type of Output: unformatted
           Logfiles for Host: xxx.xxx.xxx
  ##################################################################
 
 --------------------- SSHD Begin ------------------------ 
 
 Users logging in through sshd:
    xxxxx:
       192.168.xxx.xxx (xxxx): 276 times
    oracle:
       192.168.xxx.xxx (xxxxx): 1 time
 
 
 Received disconnect:
    11: The user disconnected the application
       192.168.xxx.xxx : 276 Time(s)
 
 ---------------------- SSHD End ------------------------- 
 
 
 ###################### Logwatch End #########################
 
[root@DB-Server log]# logwatch --detail 10 --range all --service sshd --format text --output file --filename /tmp/logwatch.txt
[root@DB-Server log]# more /tmp/logwatch.txt
 
 ################### Logwatch 7.4.3 (04/27/16) ####################
        Processing Initiated: Thu Apr 27 17:17:42 2017
        Date Range Processed: all
        Detail Level of Output: 10
        Type of Output/Format: file / text
        Logfiles for Host: DB-Server.localdomain
 ##################################################################
 
 --------------------- SSHD Begin ------------------------ 
 
 Couldn't resolve these IPs:
    get253194.gfg1.esquel.com(192.168.103.21): 1 Time(s)
    get253194.gfg1.esquel.com(192.168.103.26): 1 Time(s)
 
 Failed logins from:
    192.168.7.xxx: 1 time
       root/password: 1 time
 
 Users logging in through sshd:
    root:
       192.168.103.15 (xxxxx): 4 times
       192.168.103.21 (xxxxx): 4 times
       192.168.103.22 (xxxxx): 3 times
       192.168.103.26 (xxxxx): 2 times
 
 SFTP subsystem requests: 6 Time(s)
 
 ---------------------- SSHD End ------------------------- 
 
 
 ###################### Logwatch End #########################
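The SSHD section of these reports has a regular layout (a subsection header, then indented entries with counts), so the entries that matter for review, failed-login sources and direct root logins, can be pulled out of a saved report. The script below is an added example, not part of the original post or of Logwatch; `sshd_findings` and `SAMPLE_REPORT` are hypothetical names, and the sample report is constructed in the 7.4.3 layout shown above.

```shell
# Added example: extract failed-login sources and direct root logins
# from the SSHD section of a Logwatch text report. Prints lines of the form
# "failed <source> <count>" and "root-login <source> <count>".
sshd_findings() {
    awk '
        /-+ SSHD Begin -+/ { in_sshd = 1; next }
        /-+ SSHD End -+/   { in_sshd = 0 }
        !in_sshd || /^[ \t]*$/ { next }
        {
            line = $0; sub(/^ +/, "", line)
            indent = length($0) - length(line)     # leading spaces = nesting depth
            sub(/ +$/, "", line)
        }
        indent <= 1 { section = line; user = ""; next }   # subsection header
        section == "Failed logins from:" && indent <= 5 {
            split(line, part, ": ")                # "<source>: N time(s)"
            print "failed", part[1], part[2] + 0
            next
        }
        section == "Users logging in through sshd:" {
            if (line ~ /:$/) { user = substr(line, 1, length(line) - 1); next }
            if (user == "root") {                  # "<ip> (<host>): N times"
                split(line, f, " ")
                count = line; sub(/^.*: /, "", count)
                print "root-login", f[1], count + 0
            }
        }
    ' "$1"
}

# Constructed sample report (documentation addresses, not real hosts).
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
 --------------------- SSHD Begin ------------------------

 Failed logins from:
    198.51.100.7: 3 times
       root/password: 3 times

 Users logging in through sshd:
    root:
       192.0.2.15 (host-a.example): 4 times
       192.0.2.21 (host-b.example): 2 times
    oracle:
       192.0.2.30 (host-c.example): 1 time
 ---------------------- SSHD End -------------------------
EOF
sshd_findings "$SAMPLE_REPORT"
```

Run it against a file written with `--format text --output file --filename ...`, as in the command above.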
