logwatch



LOGWATCH(8)                      User Manuals                      LOGWATCH(8)




NAME

       logwatch - system log analyzer and reporter


SYNOPSIS

       logwatch [--detail level] [--logfile log-file-group]
       [--service service-name] [--print] [--mailto address] [--archives]
       [--range range] [--debug level] [--save file-name]
       [--logdir directory] [--hostname hostname] [--numeric]
       [--help|--usage]


DESCRIPTION

       LogWatch is a customizable, pluggable log-monitoring system.  It will
       go through your logs for a given period of time and make a report in
       the areas that you wish with the detail that you wish.  It is easy to
       use and works right out of the package on almost all systems.


OPTIONS

       --detail level
              This is the detail level of the report.  level can be high,
              med, or low.

       --logfile log-file-group
              This will force LogWatch to process only the set of logfiles
              defined by log-file-group (e.g. messages, xferlog, ...).
              LogWatch will therefore process all services that use those
              logfiles.  This option can be specified more than once to
              specify multiple log-file-groups.

       --service service-name
              This will force LogWatch to process only the service specified
              in service-name (e.g. login, pam, identd, ...).  LogWatch will
              therefore also process any log-file-groups necessary to process
              these services.  This option can be specified more than once to
              specify multiple services to process.  A useful service-name is
              All, which will process all services (and log-file-groups) for
              which you have filters installed.

       --print
              Print the results to stdout (i.e. the screen).

       --mailto address
              Mail the results to the  email  address  or  user  specified  in
              address.

       --range range
              You can specify a date-range to process.  Common ranges are
              Yesterday, Today, All, and Help.  Additional options are listed
              when invoked with the Help parameter.

       --archives
              Each log-file-group has basic logfiles (e.g. /var/log/messages)
              as well as archives (e.g. /var/log/messages.? or
              /var/log/messages.?.gz).  When used with "--range all", this
              option will make LogWatch search through the archives in
              addition to the regular logfiles.  For other values of --range,
              LogWatch will search the appropriate archived logs.

       --debug level
              For debugging purposes.  level can range from 0  to  100.   This
              will  really clutter up your output.  You probably don’t want to
              use this.

       --save file-name
              Save the output to file-name instead of  displaying  or  mailing
              it.

       --logdir directory
              Look in directory for log files instead of the default
              directory.

       --hostname hostname
              Use hostname for the reports instead of this system’s  hostname.
              In  addition,  if  HostLimit is set in /etc/log.d/logwatch.conf,
              then only logs from  this  hostname  will  be  processed  (where
              appropriate).

       --numeric
              Inhibits additional name lookups, displaying IP addresses
              numerically.

       --usage
              Displays usage information.

       --help
              Same as --usage.


FILES

       /etc/log.d/logwatch.conf
              Actually a symlink to /etc/log.d/conf/logwatch.conf.  This file
              sets the default values of all the above options.  These
              defaults are used when LogWatch is called without any parameters
              (e.g. from cron.daily).  The file is well-documented, but the
              explanations above also apply to this config file.
       /etc/log.d/conf/services/*
              Configuration files for the various services whose  log  entries
              LogWatch can process.
       /etc/log.d/conf/logfiles/*
              Configuration files for the various logfiles that the above
              services' log entries are stored in.
       /etc/log.d/scripts/shared/*
              Filters common to many services and/or logfiles.
       /etc/log.d/scripts/logfiles/*
              Filters specific to just particular logfiles.
       /etc/log.d/scripts/services/*
              Actual filter programs for the various services.


EXAMPLES

       logwatch --service  ftpd-xferlog  --range  all  --detail  high  --print
       --archives
              This  will  print  out  all FTP transfers that are stored in all
              current and archived xferlogs.
       logwatch --service pam_pwdb --range yesterday --detail high --print
              This will print out login information for the previous day...
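
       The options above can be combined in a small wrapper for a daily
       job.  The following is an added example, not part of the Logwatch
       distribution: run_report and the LOGWATCH override variable are
       hypothetical names, and the report path in the final comment is a
       constructed sample.

```shell
#!/bin/sh
# Added example: save a login/authentication report to a file instead of
# printing or mailing it, using only options documented on this page.

# run_report DETAIL RANGE SAVEFILE SERVICE...   (hypothetical helper)
run_report() {
    if [ "$#" -lt 4 ]; then
        echo "usage: run_report DETAIL RANGE SAVEFILE SERVICE..." >&2
        return 2
    fi
    detail=$1 range=$2 save=$3
    shift 3

    # --detail accepts only these three levels.
    case $detail in
        high|med|low) ;;
        *) echo "run_report: detail must be high, med or low" >&2
           return 2 ;;
    esac

    # --service may be given more than once: turn each remaining
    # argument into its own "--service NAME" pair.
    n=$#
    for svc in "$@"; do
        set -- "$@" --service "$svc"
    done
    shift "$n"    # drop the bare service names, keep the pairs

    # --archives: also search archived logs for the chosen range.
    # --numeric:  skip name lookups so addresses appear as logged.
    set -- --detail "$detail" --range "$range" --archives "$@" \
           --numeric --save "$save"

    # The report can contain usernames and source addresses; a newly
    # created report file is readable by its owner only. The subshell
    # keeps the umask change away from the caller.
    # LOGWATCH is a hypothetical override for the binary to run.
    ( umask 077; "${LOGWATCH:-logwatch}" "$@" )
}

# Example call (constructed path), e.g. from a cron.daily script:
#   run_report high yesterday /var/log/logwatch-auth.txt pam_pwdb login
```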


MORE INFORMATION

       For information on adding your own filter, please see the file
       HOWTO-Make-Filter which should have been included with Logwatch.  If
       you installed from an RPM, it is probably under
       /usr/share/doc/logwatch-XXX.


AUTHOR

       Kirk Bauer <kirk@kaybee.org>

       http://www.kaybee.org/~kirk

       ftp://ftp.kaybee.org/pub/redhat/RPMS



Linux                             MARCH 1998                       LOGWATCH(8)
