June 2003
336 pages
You want to scan your system log files for reports of problems.
Use logwatch, from http://www.logwatch.org. For example:
# logwatch --range all --archives --detail High --print | less
to see all the useful data logwatch can display, or:
# logwatch --print | less
to see only yesterday’s entries.
logwatch is a handy utility to scan system log files and display unexpected entries. Red Hat includes it but SuSE does not. If you need it, download the binary RPM from http://www.logwatch.org,[13] and install it, as root:
# rpm -Uhv logwatch-*.noarch.rpm
The easiest way to see what logwatch does is to run it:
$ logwatch --range all --print | less
 ################### LogWatch 4.2.1 (10/27/02) ####################
       Processing Initiated: Sun Nov 10 20:53:49 2002
       Date Range Processed: all
     Detail Level of Output: 0
          Logfiles for Host: myhost
 ###############################################################

 --------------------- Connections (secure-log) Begin ------------------------
Unauthorized sudo commands attempted (1):
   smith: /usr/bin/tail -30 /var/log/maillog
 ---------------------- Connections (secure-log) End -------------------------

 --------------------- SSHD Begin ------------------------
SSHD Killed: 2 Time(s)
SSHD Started: 1 Time(s)
Users logging in through sshd:
   smith logged in from foo.example.com (128.91.0.3) using publickey: 1 Time(s)
Refused incoming connections:
   200.23.18.56: 1 Time(s)
 ---------------------- SSHD End ...
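The report above is divided into sections bracketed by "Begin" and "End" rules, which makes it easy to pull out only the entries you care about. The following is an added example, not part of the original recipe or of logwatch itself: the function names are hypothetical, and the sample report is constructed from the excerpt above (its final "End" line is filled in so the sample is complete).

```shell
#!/bin/sh
# Added example: split a logwatch report into its Begin/End sections.
# Function names are hypothetical; the sample report is constructed.

sample_report() {
cat <<'EOF'
 --------------------- Connections (secure-log) Begin ------------------------
Unauthorized sudo commands attempted (1):
   smith: /usr/bin/tail -30 /var/log/maillog
 ---------------------- Connections (secure-log) End -------------------------

 --------------------- SSHD Begin ------------------------
SSHD Killed: 2 Time(s)
SSHD Started: 1 Time(s)
Users logging in through sshd:
   smith logged in from foo.example.com (128.91.0.3) using publickey: 1 Time(s)
Refused incoming connections:
   200.23.18.56: 1 Time(s)
 ---------------------- SSHD End -------------------------
EOF
}

# List the section names found in a report read from stdin.
lw_sections() {
    sed -n 's/^ *--* \(.*\) Begin --* *$/\1/p'
}

# Print the non-blank body lines of section $1 (exact name) from stdin.
lw_section() {
    awk -v want="$1" '
        /^ *-+ .* Begin -+ *$/ {
            name = $0; sub(/^ *-+ /, "", name); sub(/ Begin -+ *$/, "", name)
            inside = (name == want); next
        }
        /^ *-+ .* End -+ *$/ { inside = 0; next }
        inside && NF         { print }
    '
}

# Print the indented entries listed under the heading that starts with $2
# inside section $1. Assumes entries are indented with spaces, as above.
lw_entries() {
    lw_section "$1" | awk -v head="$2" '
        /^[^ ]/ { on = (index($0, head) == 1); next }
        on      { sub(/^ +/, ""); print }
    '
}

# Demo on the constructed sample: hosts whose connections sshd refused.
sample_report | lw_entries SSHD "Refused incoming connections"
```

On a live system, replace sample_report with logwatch --print to feed the real report into the same functions.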