#yum install logwatch
查看配置文件目录
#ls /usr/share/logwatch/default.conf/
编辑配置文件
[root@oracle default.conf]# vi logwatch.conf
配置文件参数
指定系统日志存储目录(默认)
LogDir = /var/log
指定临时目录
TmpDir = /var/cache/logwatch
邮件报告的接收联系人
MailTo = root
多个联系人采用逗号分隔
MailTo = user1@mail.com,user2@mail.com
邮件发件人名称
MailFrom = Logwatch
指定报告内容时间段
Range = yesterday
可选参数包括、
All Today Yesterday
报告详细程度
Detail = Low
报告服务类型
Service = All
查看支持的报告服务类型
#ls /usr/share/logwatch/scripts/services/
afpd denyhosts ftpd-messages named postfix saslauthd syslogd
amavis dhcpd ftpd-xferlog netopia pound scsi tac_acc
arpwatch dnssec http netscreen proftpd-messages secure up2date
audit dovecot identd oidentd pureftpd sendmail vpopmail
automount dpkg imapd openvpn qmail sendmail-largeboxes vsftpd
autorpm emerge init pam qmail-pop3d shaperd windows
bfd evtapplication in.qpopper pam_pwdb qmail-pop3ds slon xntpd
cisco evtsecurity ipop3d pam_unix qmail-send smartd yum
clamav evtsystem iptables php qmail-smtpd sonicwall zz-disk_space
clamav-milter exim kernel pix raid sshd zz-fortune
clam-update eximstats mailscanner pluto resolver sshd2 zz-network
courier extreme-networks modprobe pop3 rt314 stunnel zz-runtime
cron fail2ban mountd portsentry samba sudo zz-sys
邮件发送参数(默认)
mailer = “sendmail -t”
系统每日计划任务
[root@oracle default.conf]# ls /etc/cron.daily/
0logwatch logrotate mlocate.cron readahead.cron
cups makewhatis.cron prelink tmpwatch
[root@oracle default.conf]#
手工执行报告发送
# /usr/share/logwatch/scripts/logwatch.pl
查看系统日志报告
#logwatch –print
# logwatch –range Today –print –mailto user1@mail.com
# /usr/share/logwatch/scripts/logwatch.pl –mailto user1@mail.com