logwatch

Analyze logs for a range of dates at a certain level of detail

$ logwatch --range [yesterday|today|all|help] --detail [low|medium|others]'

$ logwatch --range [all] --service [apache|pam_unix|etc]

logwatch [--detail level ] [--logfile log-file-group ] [--service service-name ] [--mailto address ] [--archives] [--range range ] [--debug level ] [--filename file-name ] [--logdir directory ] [--hostlimit hosts ] [--hostname hostname ] [--html_wrap number of characters ] [--hostformat host based options ] [--output output-type ] [--format report format ] [--subject email subject ] [--encode encoding to use ] [--numeric] [--version] [--help|--usage]

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Logwatch is being used for Linux and many types of UNIX.

--detail level

This is the detail level of the report. level can be a positive integer, or high, med, low, which correspond to the integers 10, 5, and 0, respectively.

--logfile log-file-group

This will force Logwatch to process only the set of logfiles defined by log-file-group (i.e. messages, xferlog, ...). Logwatch will therefore process all services that use those logfiles. This option can be specified more than once to specify multiple logfile-groups.

--service service-name

This will force Logwatch to process only the service specified in service-name (i.e. login, pam, identd, ...). Logwatch will therefore also process any log-file-groups necessary to process these services. This option can be specified more than once to specify multiple services to process. A useful service-name is All which will process all services (and logfile-groups) for which you have filters installed.

--mailto address

Mail the results to the email address or user specified in address.

--range range

You can specify a date-range to process. Common ranges are Yesterday, Today, All, and Help. Additional options are listed when invoked with the Help parameter.

--archives

Each log-file-group has basic logfiles (i.e. /var/log/messages) as well as archives (i.e. /var/log/messages.? or /var/log/messages.?.gz). When used with "--range all", this option will make Logwatch search through the archives in addition to the regular logfiles. For other values of --range, Logwatch will search the appropriate archived logs.

--debug level

For debugging purposes. level can range from 0 to 100. This will really clutter up your output. You probably don't want to use this.

--filename file-name

Save the output to file-name instead of displaying or mailing it.

--logdir directory

Look in directory for log subdirectories or log files first before looking in the default directories.

--hostlimit host1,host2

Limit report to hostname - host1, host2.

--hostname hostname

Use hostname for the reports instead of this system's hostname. In addition, if HostLimit is set in the logwatch.conf configuration file (see MORE INFORMATION, below), then only logs from this hostname will be processed (where appropriate).

--html_wrap num-characters

Number of characters that html output should be wrapped to. Default is 80.

--hostformat split

Use split approach when formatting report for multiple hosts - none [default], split, splitmail.

--output output-type

Report using output-type - stdout [default], mail, file.

--format format

Format report using format - text [default], html.

--subject email-subject

Customize the email subject sent by Logwatch. Option --output must be set to mail.

--encode encoding

Encode report using encoding - none [default], base64.

--numeric

Inhibits additional name lookups, displaying IP addresses numerically.

--usage

Displays usage information

--help

same as --usage.

/usr/share/logwatch/

This directory contains all the perl executables and configuration files shipped with the logwatch distribution.

/etc/logwatch

This directory contains local configuration files that override the default configuration. See MORE INFORMATION below for more information.

logwatch --service ftpd-xferlog --range all --detail high --archives

This will print out all FTP transfers that are stored in all current and archived xferlogs.

logwatch --service pam_pwdb --range yesterday --detail high

This will print out login information for the previous day...

The directory /usr/share/doc/logwatch-* contains several files with additional documentation:

HOWTO-Customize-LogWatch

Documents the directory structure of Logwatch configuration and executable files, and describes how to customize Logwatch by overriding these default files.

LICENSE

Describes the License under which Logwatch is distributed. Additional clauses may be specified in individual files.

README

Describes how to install, where to find it, mailing lists, and other useful information.

Kirk Bauer <kirk@kaybee.org>

http://sourceforge.net/projects/logwatch