Logwatch

Logwatch is a configurable log analysis system. It analyzes system log files and produces corresponding reports, divided into sections that are themselves configurable.

From this point on, root privileges are required to run the commands that follow. To become root, enter the following command:

$ su -
Password: 

Installation

Any serious Linux distribution should ship a preconfigured Logwatch package. On CentOS, installation is therefore also a matter for the yum package manager.

The following package is required to install Logwatch:

  • logwatch - is included in the CentOS base repository

The following command installs the logwatch package:

# yum install logwatch
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-49.el6 will be installed
--> Processing Dependency: perl(Date::Manip) for package: logwatch-7.3.6-49.el6.noarch
--> Running transaction check
---> Package perl-Date-Manip.noarch 0:6.24-1.el6 will be installed
--> Processing Dependency: perl(YAML::Syck) for package: perl-Date-Manip-6.24-1.el6.noarch
--> Running transaction check
---> Package perl-YAML-Syck.x86_64 0:1.07-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch           Version              Repository    Size
================================================================================
Installing:
 logwatch                noarch         7.3.6-49.el6         base         298 k
Installing for dependencies:
 perl-Date-Manip         noarch         6.24-1.el6           base         1.4 M
 perl-YAML-Syck          x86_64         1.07-4.el6           base          75 k

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 1.7 M
Installed size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): logwatch-7.3.6-49.el6.noarch.rpm                  | 298 kB     00:00
(2/3): perl-Date-Manip-6.24-1.el6.noarch.rpm             | 1.4 MB     00:00
(3/3): perl-YAML-Syck-1.07-4.el6.x86_64.rpm              |  75 kB     00:00
--------------------------------------------------------------------------------
Total                                            12 MB/s | 1.7 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-YAML-Syck-1.07-4.el6.x86_64                             1/3
  Installing : perl-Date-Manip-6.24-1.el6.noarch                            2/3
  Installing : logwatch-7.3.6-49.el6.noarch                                 3/3

Installed:
  logwatch.noarch 0:7.3.6-49.el6

Dependency Installed:
  perl-Date-Manip.noarch 0:6.24-1.el6     perl-YAML-Syck.x86_64 0:1.07-4.el6

Complete!

The following command can be used to check which contents were installed with the logwatch package.

# rpm -qil logwatch
Name        : logwatch                     Relocations: (not relocatable)
Version     : 7.3.6                             Vendor: CentOS
Release     : 49.el6                        Build Date: Sat 25 Jun 2011 12:17:38 PM CEST
Install Date: Sun 11 Mar 2012 06:57:19 AM CET      Build Host: c6b5.bsys.dev.centos.org
Group       : Applications/System           Source RPM: logwatch-7.3.6-49.el6.src.rpm
Size        : 1308246                          License: MIT
Signature   : RSA/8, Wed 06 Jul 2011 03:40:39 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.logwatch.org/
Summary     : A log file analysis program
Description :
Logwatch is a customizable, pluggable log-monitoring system.  It will go
through your logs for a given period of time and make a report in the areas
that you wish with the detail that you wish.  Easy to use - works right out
of the package on many systems.
/etc/cron.daily/0logwatch
/etc/logwatch
/etc/logwatch/conf
/etc/logwatch/conf/ignore.conf
/etc/logwatch/conf/logfiles
/etc/logwatch/conf/logwatch.conf
/etc/logwatch/conf/override.conf
/etc/logwatch/conf/services
/etc/logwatch/scripts
/etc/logwatch/scripts/services
/usr/sbin/logwatch
/usr/share/doc/logwatch-7.3.6
/usr/share/doc/logwatch-7.3.6/CHANGES
/usr/share/doc/logwatch-7.3.6/HOWTO-Customize-LogWatch
/usr/share/doc/logwatch-7.3.6/License
/usr/share/doc/logwatch-7.3.6/README
/usr/share/logwatch
/usr/share/logwatch/default.conf
/usr/share/logwatch/default.conf/html
/usr/share/logwatch/default.conf/html/footer.html
/usr/share/logwatch/default.conf/html/header.html
/usr/share/logwatch/default.conf/logfiles
/usr/share/logwatch/default.conf/logfiles/autorpm.conf
/usr/share/logwatch/default.conf/logfiles/bfd.conf
/usr/share/logwatch/default.conf/logfiles/cisco.conf
/usr/share/logwatch/default.conf/logfiles/clam-update.conf
/usr/share/logwatch/default.conf/logfiles/cron.conf
/usr/share/logwatch/default.conf/logfiles/daemon.conf
/usr/share/logwatch/default.conf/logfiles/denyhosts.conf
/usr/share/logwatch/default.conf/logfiles/dnssec.conf
/usr/share/logwatch/default.conf/logfiles/dpkg.conf
/usr/share/logwatch/default.conf/logfiles/emerge.conf
/usr/share/logwatch/default.conf/logfiles/eventlog.conf
/usr/share/logwatch/default.conf/logfiles/exim.conf
/usr/share/logwatch/default.conf/logfiles/extreme-networks.conf
/usr/share/logwatch/default.conf/logfiles/fail2ban.conf
/usr/share/logwatch/default.conf/logfiles/http.conf
/usr/share/logwatch/default.conf/logfiles/iptables.conf
/usr/share/logwatch/default.conf/logfiles/kernel.conf
/usr/share/logwatch/default.conf/logfiles/maillog.conf
/usr/share/logwatch/default.conf/logfiles/messages.conf
/usr/share/logwatch/default.conf/logfiles/netopia.conf
/usr/share/logwatch/default.conf/logfiles/netscreen.conf
/usr/share/logwatch/default.conf/logfiles/php.conf
/usr/share/logwatch/default.conf/logfiles/pix.conf
/usr/share/logwatch/default.conf/logfiles/pureftp.conf
/usr/share/logwatch/default.conf/logfiles/qmail-pop3d-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-pop3ds-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-send-current.conf
/usr/share/logwatch/default.conf/logfiles/qmail-smtpd-current.conf
/usr/share/logwatch/default.conf/logfiles/resolver.conf
/usr/share/logwatch/default.conf/logfiles/rt314.conf
/usr/share/logwatch/default.conf/logfiles/samba.conf
/usr/share/logwatch/default.conf/logfiles/secure.conf
/usr/share/logwatch/default.conf/logfiles/sonicwall.conf
/usr/share/logwatch/default.conf/logfiles/syslog.conf
/usr/share/logwatch/default.conf/logfiles/tac_acc.conf
/usr/share/logwatch/default.conf/logfiles/up2date.conf
/usr/share/logwatch/default.conf/logfiles/vsftpd.conf
/usr/share/logwatch/default.conf/logfiles/windows.conf
/usr/share/logwatch/default.conf/logfiles/xferlog.conf
/usr/share/logwatch/default.conf/logfiles/yum.conf
/usr/share/logwatch/default.conf/logwatch.conf
/usr/share/logwatch/default.conf/services
/usr/share/logwatch/default.conf/services/afpd.conf
/usr/share/logwatch/default.conf/services/amavis.conf
/usr/share/logwatch/default.conf/services/arpwatch.conf
/usr/share/logwatch/default.conf/services/audit.conf
/usr/share/logwatch/default.conf/services/automount.conf
/usr/share/logwatch/default.conf/services/autorpm.conf
/usr/share/logwatch/default.conf/services/bfd.conf
/usr/share/logwatch/default.conf/services/cisco.conf
/usr/share/logwatch/default.conf/services/clam-update.conf
/usr/share/logwatch/default.conf/services/clamav-milter.conf
/usr/share/logwatch/default.conf/services/clamav.conf
/usr/share/logwatch/default.conf/services/courier.conf
/usr/share/logwatch/default.conf/services/cron.conf
/usr/share/logwatch/default.conf/services/denyhosts.conf
/usr/share/logwatch/default.conf/services/dhcpd.conf
/usr/share/logwatch/default.conf/services/dnssec.conf
/usr/share/logwatch/default.conf/services/dovecot.conf
/usr/share/logwatch/default.conf/services/dpkg.conf
/usr/share/logwatch/default.conf/services/emerge.conf
/usr/share/logwatch/default.conf/services/evtapplication.conf
/usr/share/logwatch/default.conf/services/evtsecurity.conf
/usr/share/logwatch/default.conf/services/evtsystem.conf
/usr/share/logwatch/default.conf/services/exim.conf
/usr/share/logwatch/default.conf/services/eximstats.conf
/usr/share/logwatch/default.conf/services/extreme-networks.conf
/usr/share/logwatch/default.conf/services/fail2ban.conf
/usr/share/logwatch/default.conf/services/ftpd-messages.conf
/usr/share/logwatch/default.conf/services/ftpd-xferlog.conf
/usr/share/logwatch/default.conf/services/http.conf
/usr/share/logwatch/default.conf/services/identd.conf
/usr/share/logwatch/default.conf/services/imapd.conf
/usr/share/logwatch/default.conf/services/in.qpopper.conf
/usr/share/logwatch/default.conf/services/init.conf
/usr/share/logwatch/default.conf/services/ipop3d.conf
/usr/share/logwatch/default.conf/services/iptables.conf
/usr/share/logwatch/default.conf/services/kernel.conf
/usr/share/logwatch/default.conf/services/mailscanner.conf
/usr/share/logwatch/default.conf/services/modprobe.conf
/usr/share/logwatch/default.conf/services/mountd.conf
/usr/share/logwatch/default.conf/services/named.conf
/usr/share/logwatch/default.conf/services/netopia.conf
/usr/share/logwatch/default.conf/services/netscreen.conf
/usr/share/logwatch/default.conf/services/oidentd.conf
/usr/share/logwatch/default.conf/services/openvpn.conf
/usr/share/logwatch/default.conf/services/pam.conf
/usr/share/logwatch/default.conf/services/pam_pwdb.conf
/usr/share/logwatch/default.conf/services/pam_unix.conf
/usr/share/logwatch/default.conf/services/php.conf
/usr/share/logwatch/default.conf/services/pix.conf
/usr/share/logwatch/default.conf/services/pluto.conf
/usr/share/logwatch/default.conf/services/pop3.conf
/usr/share/logwatch/default.conf/services/portsentry.conf
/usr/share/logwatch/default.conf/services/postfix.conf
/usr/share/logwatch/default.conf/services/pound.conf
/usr/share/logwatch/default.conf/services/proftpd-messages.conf
/usr/share/logwatch/default.conf/services/pureftpd.conf
/usr/share/logwatch/default.conf/services/qmail-pop3d.conf
/usr/share/logwatch/default.conf/services/qmail-pop3ds.conf
/usr/share/logwatch/default.conf/services/qmail-send.conf
/usr/share/logwatch/default.conf/services/qmail-smtpd.conf
/usr/share/logwatch/default.conf/services/qmail.conf
/usr/share/logwatch/default.conf/services/raid.conf
/usr/share/logwatch/default.conf/services/resolver.conf
/usr/share/logwatch/default.conf/services/rt314.conf
/usr/share/logwatch/default.conf/services/samba.conf
/usr/share/logwatch/default.conf/services/saslauthd.conf
/usr/share/logwatch/default.conf/services/scsi.conf
/usr/share/logwatch/default.conf/services/secure.conf
/usr/share/logwatch/default.conf/services/sendmail-largeboxes.conf
/usr/share/logwatch/default.conf/services/sendmail.conf
/usr/share/logwatch/default.conf/services/shaperd.conf
/usr/share/logwatch/default.conf/services/slon.conf
/usr/share/logwatch/default.conf/services/smartd.conf
/usr/share/logwatch/default.conf/services/sonicwall.conf
/usr/share/logwatch/default.conf/services/sshd.conf
/usr/share/logwatch/default.conf/services/sshd2.conf
/usr/share/logwatch/default.conf/services/stunnel.conf
/usr/share/logwatch/default.conf/services/sudo.conf
/usr/share/logwatch/default.conf/services/syslogd.conf
/usr/share/logwatch/default.conf/services/tac_acc.conf
/usr/share/logwatch/default.conf/services/up2date.conf
/usr/share/logwatch/default.conf/services/vpopmail.conf
/usr/share/logwatch/default.conf/services/vsftpd.conf
/usr/share/logwatch/default.conf/services/windows.conf
/usr/share/logwatch/default.conf/services/xntpd.conf
/usr/share/logwatch/default.conf/services/yum.conf
/usr/share/logwatch/default.conf/services/zz-disk_space.conf
/usr/share/logwatch/default.conf/services/zz-fortune.conf
/usr/share/logwatch/default.conf/services/zz-network.conf
/usr/share/logwatch/default.conf/services/zz-runtime.conf
/usr/share/logwatch/default.conf/services/zz-sys.conf
/usr/share/logwatch/dist.conf
/usr/share/logwatch/dist.conf/logfiles
/usr/share/logwatch/dist.conf/services
/usr/share/logwatch/lib
/usr/share/logwatch/lib/Logwatch.pm
/usr/share/logwatch/scripts
/usr/share/logwatch/scripts/logfiles
/usr/share/logwatch/scripts/logfiles/autorpm
/usr/share/logwatch/scripts/logfiles/autorpm/applydate
/usr/share/logwatch/scripts/logfiles/cron
/usr/share/logwatch/scripts/logfiles/cron/applydate
/usr/share/logwatch/scripts/logfiles/emerge
/usr/share/logwatch/scripts/logfiles/emerge/applydate
/usr/share/logwatch/scripts/logfiles/samba
/usr/share/logwatch/scripts/logfiles/samba/applydate
/usr/share/logwatch/scripts/logfiles/samba/removeheaders
/usr/share/logwatch/scripts/logfiles/up2date
/usr/share/logwatch/scripts/logfiles/up2date/applydate
/usr/share/logwatch/scripts/logfiles/up2date/removeheaders
/usr/share/logwatch/scripts/logfiles/xferlog
/usr/share/logwatch/scripts/logfiles/xferlog/applydate
/usr/share/logwatch/scripts/logfiles/xferlog/removeheaders
/usr/share/logwatch/scripts/logfiles/yum
/usr/share/logwatch/scripts/logfiles/yum/applydate
/usr/share/logwatch/scripts/logwatch.pl
/usr/share/logwatch/scripts/services
/usr/share/logwatch/scripts/services/afpd
/usr/share/logwatch/scripts/services/amavis
/usr/share/logwatch/scripts/services/arpwatch
/usr/share/logwatch/scripts/services/audit
/usr/share/logwatch/scripts/services/automount
/usr/share/logwatch/scripts/services/autorpm
/usr/share/logwatch/scripts/services/bfd
/usr/share/logwatch/scripts/services/cisco
/usr/share/logwatch/scripts/services/clam-update
/usr/share/logwatch/scripts/services/clamav
/usr/share/logwatch/scripts/services/clamav-milter
/usr/share/logwatch/scripts/services/courier
/usr/share/logwatch/scripts/services/cron
/usr/share/logwatch/scripts/services/denyhosts
/usr/share/logwatch/scripts/services/dhcpd
/usr/share/logwatch/scripts/services/dnssec
/usr/share/logwatch/scripts/services/dovecot
/usr/share/logwatch/scripts/services/dpkg
/usr/share/logwatch/scripts/services/emerge
/usr/share/logwatch/scripts/services/evtapplication
/usr/share/logwatch/scripts/services/evtsecurity
/usr/share/logwatch/scripts/services/evtsystem
/usr/share/logwatch/scripts/services/exim
/usr/share/logwatch/scripts/services/eximstats
/usr/share/logwatch/scripts/services/extreme-networks
/usr/share/logwatch/scripts/services/fail2ban
/usr/share/logwatch/scripts/services/ftpd-messages
/usr/share/logwatch/scripts/services/ftpd-xferlog
/usr/share/logwatch/scripts/services/http
/usr/share/logwatch/scripts/services/identd
/usr/share/logwatch/scripts/services/imapd
/usr/share/logwatch/scripts/services/in.qpopper
/usr/share/logwatch/scripts/services/init
/usr/share/logwatch/scripts/services/ipop3d
/usr/share/logwatch/scripts/services/iptables
/usr/share/logwatch/scripts/services/kernel
/usr/share/logwatch/scripts/services/mailscanner
/usr/share/logwatch/scripts/services/modprobe
/usr/share/logwatch/scripts/services/mountd
/usr/share/logwatch/scripts/services/named
/usr/share/logwatch/scripts/services/netopia
/usr/share/logwatch/scripts/services/netscreen
/usr/share/logwatch/scripts/services/oidentd
/usr/share/logwatch/scripts/services/openvpn
/usr/share/logwatch/scripts/services/pam
/usr/share/logwatch/scripts/services/pam_pwdb
/usr/share/logwatch/scripts/services/pam_unix
/usr/share/logwatch/scripts/services/php
/usr/share/logwatch/scripts/services/pix
/usr/share/logwatch/scripts/services/pluto
/usr/share/logwatch/scripts/services/pop3
/usr/share/logwatch/scripts/services/portsentry
/usr/share/logwatch/scripts/services/postfix
/usr/share/logwatch/scripts/services/pound
/usr/share/logwatch/scripts/services/proftpd-messages
/usr/share/logwatch/scripts/services/pureftpd
/usr/share/logwatch/scripts/services/qmail
/usr/share/logwatch/scripts/services/qmail-pop3d
/usr/share/logwatch/scripts/services/qmail-pop3ds
/usr/share/logwatch/scripts/services/qmail-send
/usr/share/logwatch/scripts/services/qmail-smtpd
/usr/share/logwatch/scripts/services/raid
/usr/share/logwatch/scripts/services/resolver
/usr/share/logwatch/scripts/services/rt314
/usr/share/logwatch/scripts/services/samba
/usr/share/logwatch/scripts/services/saslauthd
/usr/share/logwatch/scripts/services/scsi
/usr/share/logwatch/scripts/services/secure
/usr/share/logwatch/scripts/services/sendmail
/usr/share/logwatch/scripts/services/sendmail-largeboxes
/usr/share/logwatch/scripts/services/shaperd
/usr/share/logwatch/scripts/services/slon
/usr/share/logwatch/scripts/services/smartd
/usr/share/logwatch/scripts/services/sonicwall
/usr/share/logwatch/scripts/services/sshd
/usr/share/logwatch/scripts/services/sshd2
/usr/share/logwatch/scripts/services/stunnel
/usr/share/logwatch/scripts/services/sudo
/usr/share/logwatch/scripts/services/syslogd
/usr/share/logwatch/scripts/services/tac_acc
/usr/share/logwatch/scripts/services/up2date
/usr/share/logwatch/scripts/services/vpopmail
/usr/share/logwatch/scripts/services/vsftpd
/usr/share/logwatch/scripts/services/windows
/usr/share/logwatch/scripts/services/xntpd
/usr/share/logwatch/scripts/services/yum
/usr/share/logwatch/scripts/services/zz-disk_space
/usr/share/logwatch/scripts/services/zz-fortune
/usr/share/logwatch/scripts/services/zz-network
/usr/share/logwatch/scripts/services/zz-runtime
/usr/share/logwatch/scripts/services/zz-sys
/usr/share/logwatch/scripts/shared
/usr/share/logwatch/scripts/shared/applybinddate
/usr/share/logwatch/scripts/shared/applyeurodate
/usr/share/logwatch/scripts/shared/applyhttpdate
/usr/share/logwatch/scripts/shared/applystddate
/usr/share/logwatch/scripts/shared/applytaidate
/usr/share/logwatch/scripts/shared/applyusdate
/usr/share/logwatch/scripts/shared/applyvsftpddate
/usr/share/logwatch/scripts/shared/eventlogonlyservice
/usr/share/logwatch/scripts/shared/eventlogremoveservice
/usr/share/logwatch/scripts/shared/expandrepeats
/usr/share/logwatch/scripts/shared/hosthash
/usr/share/logwatch/scripts/shared/hostlist
/usr/share/logwatch/scripts/shared/multiservice
/usr/share/logwatch/scripts/shared/onlycontains
/usr/share/logwatch/scripts/shared/onlyhost
/usr/share/logwatch/scripts/shared/onlyservice
/usr/share/logwatch/scripts/shared/remove
/usr/share/logwatch/scripts/shared/removeheaders
/usr/share/logwatch/scripts/shared/removeservice
/usr/share/man/man8/logwatch.8.gz
/var/cache/logwatch

/etc/cron.daily

After a successful installation, a "start" script with the name given below is located in the directory listed below:

  • /etc/cron.daily/0logwatch

NOTE - Logwatch is already usable at this point in its preconfigured state!
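
Because everything in /etc/cron.daily is executed as root, the start script is worth a quick permission check after installation. The following is an added example, not part of the original page or of the logwatch package; the helper name audit_root_script and its second argument (expected owner UID, default 0) are assumptions made for illustration, and it relies on GNU stat and readlink.

```bash
#!/bin/sh
# Added example: audit a script that cron runs as root,
# such as /etc/cron.daily/0logwatch from the file list above.
# audit_root_script is a hypothetical helper, not shipped with logwatch.

# Usage: audit_root_script PATH [EXPECTED_UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_root_script() {
    local path="$1" want_uid="${2:-0}" target uid mode dir dmode rc=0

    if [ ! -e "$path" ]; then
        echo "MISSING: $path"
        return 1
    fi

    # Resolve symlinks so the real file is checked, not the link.
    target=$(readlink -f -- "$path")
    uid=$(stat -c '%u' -- "$target")
    mode=$(stat -c '%a' -- "$target")

    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER: $target has uid $uid, expected $want_uid"
        rc=1
    fi
    # Octal 022 = group/world write bits: anyone holding them can
    # change what runs as root every day.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE: $target has mode $mode"
        rc=1
    fi
    # run-parts skips non-executable files, so reports would stop silently.
    if [ ! -x "$target" ]; then
        echo "NOEXEC: $target is not executable"
        rc=1
    fi
    # A writable directory allows the script to be replaced outright.
    dir=$(dirname -- "$path")
    dmode=$(stat -c '%a' -- "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "DIRWRITABLE: $dir has mode $dmode"
        rc=1
    fi
    return $rc
}

# Check the path named on this page when it is present on the host.
if [ -e /etc/cron.daily/0logwatch ]; then
    audit_root_script /etc/cron.daily/0logwatch && echo "OK: /etc/cron.daily/0logwatch"
fi
```

On an RPM-based host, `rpm -V logwatch` additionally compares the installed files against the package database.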

tachtler/logwatch.txt · Last modified: 2012/03/11 07:07 by 127.0.0.1