HOWTO:Installing LogWatch

From EnGardeWiki



What's LogWatch

According to its official website, Logwatch is a customizable log analysis system. Logwatch parses your system's logs for a given period of time and creates a report covering the areas you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.

LogWatch installation

Since EnGarde's repositories do not yet carry an Extra Package for LogWatch, you have to download the sources from the official home page and build it yourself.

Once you are logged in as root: there is no SELinux policy loaded for LogWatch, and the default policy does not let you run wget, so you have to switch the system into permissive mode by typing the following commands (remember to switch back to enforcing mode with setenforce 1 as soon as the download is done, since permissive mode disables SELinux protection for the whole system, not just for wget):

    # newrole -r sysadm_r
    # setenforce 0

Permissive mode now allows you to use wget and download the sources. The download goes over plain FTP, so verify the tarball against the checksum or signature published by the project before you unpack and install it as root:

    # wget ftp://ftp.kaybee.org/pub/linux/logwatch-7.3.4.tar.gz

To install by hand, run the following commands. They copy the configuration, library and script directories into /etc/log.d and put a logwatch command on the path (the symlink target is relative to /usr/bin, so it resolves to /etc/log.d/scripts/logwatch.pl):

    # tar xzf logwatch-7.3.4.tar.gz
    # cd logwatch-7.3.4/
    # mkdir /etc/log.d/
    # cp -R conf lib scripts /etc/log.d
    # (cd /usr/bin && ln -s ../../etc/log.d/scripts/logwatch.pl logwatch)

If you prefer, the tarball ships with a simple bash-based installer; run these commands instead of the manual steps above:

    # cd logwatch-7.3.4/
    # chmod +x install_logwatch.sh
    # ./install_logwatch.sh
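The following script is an added example, not code from the EnGarde wiki or from the Logwatch project. It performs the same manual steps as above but adds the two checks a practitioner would want: the tarball's SHA-256 is compared against a value you obtained out of band before anything is unpacked, and SELinux is left in permissive mode only for the duration of the download. It assumes you are already root in the sysadm_r role (the newrole step is not automated) and that the expected digest is passed on the command line; the DESTDIR variable is an assumption of this script so the install can be rehearsed against a scratch directory before touching the live /etc.

```shell
#!/bin/sh
# Added example for the EnGarde LogWatch HOWTO (not the project's own installer).
# Usage:  sh install-logwatch.sh --install <expected-sha256>
#         DESTDIR=/tmp/stage sh install-logwatch.sh --install <expected-sha256>
set -eu

LOGWATCH_URL=ftp://ftp.kaybee.org/pub/linux/logwatch-7.3.4.tar.gz
LOGWATCH_TARBALL=logwatch-7.3.4.tar.gz

# fetch_permissive URL: drop to permissive mode only while wget runs, then
# restore the previous SELinux mode even if the download fails.
fetch_permissive() {
    url=$1
    prev=$(getenforce 2>/dev/null || echo Disabled)
    [ "$prev" = Enforcing ] && setenforce 0
    rc=0
    wget -q "$url" || rc=$?
    [ "$prev" = Enforcing ] && setenforce 1
    return "$rc"
}

# verify_tarball FILE EXPECTED_SHA256: succeed only if the digest matches.
# The expected value must come from a trusted channel, not from the same
# unauthenticated FTP server as the tarball.
verify_tarball() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_logwatch TARBALL [DESTDIR]: the HOWTO's manual steps, unpacked in
# a scratch directory so nothing half-extracted is left in the cwd.
# DESTDIR (assumed; empty means the live root) prefixes /etc and /usr.
install_logwatch() {
    tarball=$1
    dest=${2:-}
    srcdir=$(basename "$tarball" .tar.gz)
    workdir=$(mktemp -d)
    tar xzf "$tarball" -C "$workdir"
    mkdir -p "$dest/etc/log.d" "$dest/usr/bin"
    cp -R "$workdir/$srcdir/conf" "$workdir/$srcdir/lib" \
          "$workdir/$srcdir/scripts" "$dest/etc/log.d/"
    # Relative link, exactly as in the HOWTO: /usr/bin/../../etc/log.d/...
    ln -sf ../../etc/log.d/scripts/logwatch.pl "$dest/usr/bin/logwatch"
    rm -rf "$workdir"
}

if [ "${1:-}" = --install ]; then
    expected=${2:?expected SHA-256 of $LOGWATCH_TARBALL is required}
    fetch_permissive "$LOGWATCH_URL"
    if ! verify_tarball "$LOGWATCH_TARBALL" "$expected"; then
        echo "checksum mismatch for $LOGWATCH_TARBALL, refusing to install" >&2
        exit 1
    fi
    install_logwatch "$LOGWATCH_TARBALL" "${DESTDIR:-}"
    echo "installed logwatch under ${DESTDIR:-/}"
fi
```

Running it first with DESTDIR set to a scratch directory lets you inspect the resulting /etc/log.d tree and confirm that the relative symlink resolves before repeating the install against the real root.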

LogWatch and Cron

If you want to run logwatch daily from cron, you can simply make a symbolic link from the logwatch.pl script to /etc/cron.daily/logwatch.pl and the script will do the work daily. The cron run takes its settings from the configuration file, so check in particular the Output and MailTo settings there, otherwise the daily report may go nowhere.

LogWatch Configuration

The default LogWatch configuration file is /etc/log.d/conf/logwatch.conf. Edit it with your favourite editor if you want to add or remove features from your default installation; the meaning of each setting is explained in the comments.

Using LogWatch

Now you're ready to run LogWatch. Here are some examples of use on our test machine.

The first:

    # logwatch --print --detail High --archives --range All

This prints the report on standard output (--print) with a high level of detail (--detail High), including the archived (rotated) logs (--archives) and covering all dates found in them (--range All).

The second:

    # logwatch --save logwatch.txt --range Today

This saves the report for the current day (--range Today) to the file "logwatch.txt" (--save logwatch.txt), using the default parameters defined in the configuration file for everything else.
