logwatch - system log analyzer and reporter
logwatch [--detail level ] [--logfile log-file-group ] [--service
service-name ] [--mailto address ] [--archives] [--range range ]
[--debug level ] [--filename file-name ] [--logdir directory ]
[--hostname hostname ] [--hostformat host based options ] [--output
output-type ] [--format report format ] [--encode encoding to use ]
[--numeric] [--version] [--help|--usage]
Logwatch is a customizable, pluggable log-monitoring system. It will
go through your logs for a given period of time and make a report in
the areas that you wish with the detail that you wish. Logwatch is
being used for Linux and many types of UNIX.
This is the detail level of the report. level can be a positive
integer, or high, med, low, which correspond to the integers 10,
5, and 0, repectively.
This will force Logwatch to process only the set of logfiles
defined by log-file-group (i.e. messages, xferlog, ...).
Logwatch will therefore process all services that use those
logfiles. This option can be specified more than once to
specify multiple logfile-groups.
This will force Logwatch to process only the service specified
in service-name (i.e. login, pam, identd, ...). Logwatch will
therefore also process any log-file-groups necessary to process
these services. This option can be specified more than once to
specify multiple services to process. A useful service-name is
All which will process all services (and logfile-groups) for
which you have filters installed.
Mail the results to the email address or user specified in
address. This option overrides the --print option.
You can specify a date-range to process. Common ranges are
Yesterday, Today, All, and Help. Additional options are listed
when invoked with the Help parameter.
Each log-file-group has basic logfiles (i.e. /var/log/messages)
as well as archives (i.e. /var/log/messages.? or
/var/log/messages.?.gz). When used with "--range all", this
option will make Logwatch search through the archives in
addition to the regular logfiles. For other values of --range,
Logwatch will search the appropriate archived logs.
For debugging purposes. level can range from 0 to 100. This
will really clutter up your output. You probably don't want to
Save the output to file-name instead of displaying or mailing
Look in directory for log subdirectories or log files instead of
the default directory.
Use hostname for the reports instead of this system's hostname.
In addition, if HostLimit is set in the logwatch.conf
configuration file (see MORE INFORMATION, below), then only logs
from this hostname will be processed (where appropriate).
Inhibits additional name lookups, displaying IP addresses
Displays usage information
--help same as --usage.
This directory contains all the perl executables and
configuration files shipped with the logwatch distribution.
This directory contains local configuration files that override
the default configuration. See MORE INFORMATION below for more
logwatch --service ftpd-xferlog --range all --detail high --print
This will print out all FTP transfers that are stored in all
current and archived xferlogs.
logwatch --service pam_pwdb --range yesterday --detail high --print
This will print out login information for the previous day...
The directory /usr/share/doc/logwatch-* contains several files with
Documents the directory structure of Logwatch configuration and
executable files, and describes how to customize Logwatch by
overriding these default files.
Describes the License under which Logwatch is distributed.
Additional clauses may be specified in individual files.
Describes how to install, where to find it, mailing lists, and
other useful information.
Kirk Bauer <email@example.com>