Log file analysis with logwatch

Install logwatch

yum install logwatch

The default configuration file is

/usr/share/logwatch/default.conf/logwatch.conf 

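You can also use a custom configuration file. First copy the default file into the custom directory /etc/logwatch/conf/; the logwatch.conf there is empty by default.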

cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Edit the configuration file

vim /etc/logwatch/conf/logwatch.conf

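LogDir = /var/log (directory where the log files are stored)

MailTo = hsu.weni@gmail.com (who the report is sent to)

MailFrom = earth (name of the sender)

Detail = 10 (level of detail of the report, 0-10)

Service = All (analyze all services)

Service = "-zz-network" (a service to exclude; note the leading minus sign)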

Test

Run it directly; the report arrives by mail

/usr/bin/perl /usr/share/logwatch/scripts/logwatch.pl

Add it to the schedule so that it runs every day at 00:01

vim /etc/crontab

1  0  *  *  * root /usr/bin/perl /usr/share/logwatch/scripts/logwatch.pl

Restart the cron service

service crond restart

Skip the mail and view yesterday's report directly

logwatch --print
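
A check for the override file edited above, as an added example that is not part of the original post or of logwatch itself: it reads the Key = Value lines, verifies MailTo and Detail, and lists every service excluded from the report. The function names (conf_values, excluded_services, audit_conf, sample_conf) and the sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a logwatch.conf override (a full copy of the default,
# as in this post). Assumes "Key = Value" lines and "#" comment lines.

# conf_values KEY FILE: print each value set for KEY, quotes/blanks stripped.
# Key matching is case-insensitive (assumption).
conf_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (tolower(k) == tolower(key)) print v
        }' "$2"
}

# excluded_services FILE: names given as Service = "-name".
excluded_services() {
    conf_values Service "$1" | sed -n 's/^-//p'
}

# audit_conf FILE: 0 if MailTo is set and Detail is 0-10 or Low/Med/High.
audit_conf() {
    mailto=$(conf_values MailTo "$1" | tail -n 1)
    detail=$(conf_values Detail "$1" | tail -n 1)
    [ -n "$mailto" ] || { echo "MailTo is not set" >&2; return 1; }
    case "$detail" in
        [0-9]|10|Low|Med|High) ;;
        *) echo "Detail '$detail' is not valid" >&2; return 1 ;;
    esac
    for s in $(excluded_services "$1"); do
        echo "note: '$s' is excluded from the report" >&2
    done
    return 0
}

# Constructed sample mirroring the settings above (placeholder address).
sample_conf() {
    cat <<'EOF'
LogDir = /var/log
MailTo = admin@example.com
Detail = 10
Service = All
Service = "-zz-network"
EOF
}
if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```

Run it with /etc/logwatch/conf/logwatch.conf as its argument after each edit; the exclusion notes show which log sources no longer appear in the daily report.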