用 Logwatch 工具监控 Linux 系统 Log 日志
如果要想迅速的得到 Linux 环境中的日志报告信息, Logwatch 是一个很好的工具.
在debian上安装非常简单,只需要
#sudo apt-get install logwatch
查看昨天的信息,使用下面的命令就可以了。结果包括启动信息,登陆信息,磁盘使用状况等。
#logwatch –print
单独查看某项服务的信息,比如ssh,使用
#logwatch –service sshd –print
具体使用可以
#logwatch –help
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>]
[--print] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
[--save <filename>] [--help] [--version] [--service <name>]
[--numeric] [--output <output_type>]
[--splithosts] [--multiemail]
–detail <level>: Report Detail Level – High, Med, Low or any #.
–logfile <name>: *Name of a logfile definition to report on.
–service <name>: *Name of a service definition to report on.
–print: Display report to stdout.
–mailto <addr>: Mail report to <addr>.
–archives: Use archived log files too.
–save <filename>: Save to <filename>.
–range <range>: Date range: Yesterday, Today, All, Help
where help will describe additional options
–numeric: Display ddresses numerically rather than symbolically and numerically
(saves a nameserver address-to-name lookup).
–debug <level>: Debug Level – High, Med, Low or any #.
–splithosts: Create a report for each host in syslog.
–multiemail: Send each host report in a separate email. Ignored if
not using –splithosts.
–output <output type>: Report Format – mail, html-embed, html or unformatted#.
–version: Displays current version.
–help: This message.
* = Switch can be specified multiple times…
但是每天ssh到服务器上使用太不方便,还好logwatch提供了mail功能
#nano /etc/logwatch/conf/logwatch.conf
修改下面的root为你自己的邮件地址
MailTo = root
同时,因为我们需要了解服务器的详细信息,所以,修改下面的
Detail = 是细节度,推荐 10 ,即最高
没有评论▼