January 1, 2010

Install LogWatch in a Server

LogWatch

----------
From the LogWatch website: "Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems."

Steps
------

1)wget ftp://fr.rpmfind.net/linux/fedora/core/3/x86_64/os/Fedora/RPMS/logwatch-5.2.2-1.noarch.rpm
2)rpm -Uvh logwatch-5.2.2-1.noarch.rpm


CONFIGURATION
--------------------

# Login as root and open the configuration file.
vi /etc/log.d/conf/logwatch.conf
OR
vi vi /usr/share/logwatch/default.conf/logwatch.conf

# Scroll down within the file and find the part called "MailTo". This is where you can specify where you want the logs mailed to. By default it is set to root. We suggest setting this to an email address you check regulary. Also, you may want to send it to an email address thats not hosted on the server (just in case ....).

--------------------------------------------------------------------------------
MailTo = logwatch@yourdomain.com, logwatch@off-site-domain.com
--------------------------------------------------------------------------------

# Now set the amount of detail you want reported by Logwatch

You will see something similar to this:

-------------------------------------------------------------------------------
# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low
--------------------------------------------------------------------------------

We suggest setting the detail to High as it will send you more information. You can then take a look at everything to see if it is too much information or if it meets your need. Take some time to understand the logs. Take some time every day to monitor your logs.

No comments:

Post a Comment