Bash Cures Cancer
Learn the UNIX/Linux command line

Home     Man Pages     SpamDefeator 


LOGWATCH(8)			 User Manuals			  LOGWATCH(8)



NAME
       logwatch - system log analyzer and reporter

SYNOPSIS
       logwatch [--detail level ] [--logfile log-file-group ] [--service ser-
       vice-name ] [--print] [--mailto address ] [--archives] [--range	range
       ]  [--debug level ] [--save file-name ] [--logdir directory ] [--host-
       name hostname ] [--help|--usage]

DESCRIPTION
       LogWatch is a customizable, pluggable log-monitoring system.  It	 will
       go  through  your logs for a given period of time and make a report in
       the areas that you wish with the detail that you wish.  Easy to use  -
       works right out of the package on almost all systems.

OPTIONS
       --detail level
	      This  is	the  detail  level of the report.  level can be high,
	      med, low.

       --logfile log-file-group
	      This will force LogWatch to process only the  set	 of  logfiles
	      defined  by log-file-group (i.e. messages, xferlog, ...).	 Log-
	      Watch will therefore process all services that use  those	 log-
	      files.   This option can be specified more than once to specify
	      multiple logfile-groups.

       --service service-name
	      This will force LogWatch to process only the service  specified
	      in  service-name (i.e. login, pam, identd, ...).	LogWatch will
	      therefore also process any log-file-groups necessary to process
	      these services.  This option can be specified more than once to
	      specify multiple services to process.  A useful service-name is
	      All  which  will	process all services (and logfile-groups) for
	      which you have filters installed.

       --print
	      Print the results to stdout (i.e. the screen).

       --mailto address
	      Mail the results to the email  address  or  user	specified  in
	      address.

       --archives
	      Each log-file-group has basic logfiles (i.e. /var/log/messages)
	      as well as archives (i.e. /var/log/messages.? or	/var/log/mes-
	      sages.?.gz).  This option will make LogWatch search through the
	      archives in addition to the regular logfiles.  The entries must
	      still  be in the proper date range (see below) to be processed,
	      however.

       --range range
	      You can specify a date-range to process.	This option  is	 cur-
	      rently limited to only Yesterday, Today and All.

       --debug level
	      For  debugging  purposes.	 level can range from 0 to 100.	 This
	      will really clutter up your output.  You probably don't want to
	      use this.

       --save file-name
	      Save  the	 output to file-name instead of displaying or mailing
	      it.

       --logdir directory
	      Look in directory for log files instead of the  default  direc-
	      tory.

       --hostname hostname
	      Use hostname for the reports instead of this system's hostname.
	      In addition, if HostLimit is set	in  /etc/log.d/logwatch.conf,
	      then  only  logs	from  this  hostname will be processed (where
	      appropriate).

       --usage
	      Displays usage information

       --help same as --usage.

FILES
       /etc/log.d/logwatch.conf
	      Really a symlink to /etc/log.d/conf/logwatch.conf.   This	 file
	      sets  the	 default  values  of  all  the	above options.	These
	      defaults are used when LogWatch is called without	 any  parame-
	      ters  (i.e. from cron.daily).  The file is well-documented, but
	      the explanations above also apply to this config file.
       /etc/log.d/conf/services/*
	      Configuration files for the various services whose log  entries
	      LogWatch can process.
       /etc/log.d/conf/logfiles/*
	      Configuration  files  for	 the  various logfiles that the above
	      service's log entries are stored in.
       /etc/log.d/scripts/shared/*
	      Filters common to many services and/or logfiles.
       /etc/log.d/scripts/logfiles/*
	      Filters specific to just particular logfiles.
       /etc/log.d/scripts/services/*
	      Actual filter programs for the various services.

EXAMPLES
       logwatch --service ftpd-xferlog	--range	 all  --detail	high  --print
       --archives
	      This  will  print	 out all FTP transfers that are stored in all
	      current and archived xferlogs.
       logwatch --service pam_pwdb --range yesterday --detail high --print
	      This will print out login information for the previous day...

MORE INFORMATION
       For information on adding your own filter, please see the file  HOWTO-
       Make-Filter  which  should  have	 been included with Logwatch.  If you
       installed from an RPM, it is probably  under  /usr/share/doc/logwatch-
       XXX.

BUGS
       The --range option is very weak... this will be fixed in the future.

AUTHOR
       Kirk Bauer 

       http://www.kaybee.org/~kirk

       ftp://ftp.kaybee.org/pub/redhat/RPMS



Linux				  MARCH 1998			  LOGWATCH(8)


UNIX/Linux commands referenced on this page:
  1. hostname
  2. time
  3. make
  4. more
  5. login
  6. which
  7. Mail
  8. as
  9. date
  10. file