Logwatch
Log analysis.
Installation
sudo apt install logwatch
Configuration
sudo nano /etc/logwatch/conf/logwatch.conf
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = admin@example.com
MailFrom = logwatch@example.com
Range = yesterday
Detail = Med
Service = All
Format = html
Print = No
Split = 1
Detail level
- Low - Only important events
- Med - Normal details
- High - All details
Configuring services
sudo nano /etc/logwatch/conf/services/http.conf
# HTTP Service
Title = "HTTP Access"
LogFile = http
*OnlyService = http
*RemoveHeaders
Custom Service
sudo nano /etc/logwatch/conf/services/custom.conf
# Custom Service
Title = "Custom Logs"
LogFile = custom
*OnlyService = custom
*ApplyStdDate = "ISO 8601"
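
The service definition above names a logfile group and a service, but Logwatch also needs a filter script that turns the matching log lines into the report section. A possible filter for the custom service follows, as an added example that is not part of the original page. The script path, the log line format and the message wording are assumptions, as is a Logwatch version that runs non-Perl filters through their shebang line.

```shell
#!/bin/sh
# Added example, not part of the original page: filter for the "custom" service.
# Assumed install path: /etc/logwatch/scripts/services/custom (executable).
# Logwatch pipes the pre-filtered log lines to stdin and exports
# LOGWATCH_DETAIL_LEVEL (Low=0, Med=5, High=10); stdout becomes the report section.
# Constructed line format: <ISO 8601 timestamp> <LEVEL> <message>

summarize_custom() {
    awk -v detail="${LOGWATCH_DETAIL_LEVEL:-0}" '
        $2 == "ERROR" { errors++ }
        $2 == "WARN"  { warnings++ }
        # Constructed message wording: "login failed user=<name> ip=<addr>"
        $3 == "login" && $4 == "failed" {
            nfail++
            for (i = 5; i <= NF; i++)
                if ($i ~ /^ip=/) failed[substr($i, 4)]++
        }
        END {
            # No output at all: nothing to report for this service.
            if (!errors && !warnings && !nfail) exit
            printf "Errors: %d\n", errors
            printf "Warnings: %d\n", warnings
            printf "Failed logins: %d\n", nfail
            # Per-address breakdown only from detail level Med upwards.
            if (detail + 0 >= 5)
                for (ip in failed)
                    printf "    from %s: %d\n", ip, failed[ip]
        }
    '
}

# Constructed sample input (documentation address ranges), not real log data.
sample_lines() {
    cat <<'EOF'
2024-05-01T08:15:02+00:00 INFO service started
2024-05-01T08:16:40+00:00 WARN login failed user=admin ip=203.0.113.7
2024-05-01T08:16:41+00:00 WARN login failed user=admin ip=203.0.113.7
2024-05-01T08:16:43+00:00 WARN login failed user=root ip=198.51.100.23
2024-05-01T09:02:11+00:00 ERROR database connection lost
EOF
}

# Stand-alone demo. Installed as a filter, this line would be just
# "summarize_custom", because Logwatch supplies the log lines on stdin.
sample_lines | summarize_custom
```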
Cron Job
sudo nano /etc/cron.daily/00logwatch
#!/bin/bash
/usr/sbin/logwatch --output mail --mailto admin@example.com --detail high
Running manually
# Yesterday
sudo logwatch --output stdout --detail Med --range yesterday
# Today
sudo logwatch --output stdout --detail Med --range today
# Last week
sudo logwatch --output stdout --detail Med --range "last week"
Test
sudo logwatch --detail Med --mailto test@example.com --range today
HTML output
sudo logwatch --output file --filename /tmp/logwatch.html --detail High