mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
翻译完成 by runningwater
This commit is contained in:
runningwater
parent
424e174d4f
commit
46e9a02918
@ -1,133 +0,0 @@
|
||||
(translating by runningwater)
|
||||
How to monitor a log file on Linux with logwatch
|
||||
================================================================================
|
||||
Linux operating system and many applications create special files commonly referred to as "logs" to record their operational events. These system logs or application-specific log files are an essential tool when it comes to understanding and troubleshooting the behavior of the operating system and third-party applications. However, log files are not precisely what you would call "light" or "easy" reading, and analyzing raw log files by hand is often time-consuming and tedious. For that reason, any utility that can convert raw log files into a more user-friendly log digest is a great boon for sysadmins.
|
||||
|
||||
[logwatch][1] is an open-source log parser and analyzer written in Perl, which can parse and convert raw log files into a structured format, making a customizable report based on your use cases and requirements. In logwatch, the focus is on producing more easily consumable log summary, not on real-time log processing and monitoring. As such, logwatch is typically invoked as an automated cron task with desired time and frequency, or manually from the command line whenever log processing is needed. Once a log report is generated, logwatch can email the report to you, save it to a file, or display it on the screen.
|
||||
|
||||
A logwatch report is fully customizable in terms of verbosity and processing coverage. The log processing engine of logwatch is extensible, in a sense that if you want to enable logwatch for a new application, you can write a log processing script (in Perl) for the application's log file, and plug it under logwatch.
|
||||
|
||||
One downside of logwatch is that it does not include in its report detailed timestamp information available in original log files. You will only know that a particular event was logged in a requested range of time, and you will have to access original log files to get exact timing information.
|
||||
|
||||
### Installing Logwatch ###
|
||||
|
||||
On Debian and derivatives:
|
||||
|
||||
# aptitude install logwatch
|
||||
|
||||
On Red Hat-based distributions:
|
||||
|
||||
# yum install logwatch
|
||||
|
||||
### Configuring Logwatch ###
|
||||
|
||||
During installation, the main configuration file (logwatch.conf) is placed in /etc/logwatch/conf. Configuration options defined in this file override system-wide settings defined in /usr/share/logwatch/default.conf/logwatch.conf.
|
||||
|
||||
If logwatch is launched from the command line without any arguments, the custom options defined in /etc/logwatch/conf/logwatch.conf will be used. However, if any command-line arguments are specified with logwatch command, those arguments in turn override any default/custom settings in /etc/logwatch/conf/logwatch.conf.
|
||||
|
||||
In this article, we will customize several default settings of logwatch by editing /etc/logwatch/conf/logwatch.conf file.
|
||||
|
||||
Detail = <Low, Med, High, or a number>
|
||||
|
||||
"Detail" directive controls the verbosity of a logwatch report. It can be a positive integer, or High, Med, Low, which correspond to 10, 5, and 0, respectively.
|
||||
|
||||
MailTo = youremailaddress@yourdomain.com
|
||||
|
||||
"MailTo" directive is used if you want to have a logwatch report emailed to you. To send a logwatch report to multiple recipients, you can specify their email addresses separated with a space. To be able to use this directive, however, you will need to configure a local mail transfer agent (MTA) such as sendmail or Postfix on the server where logwatch is running.
|
||||
|
||||
Range = <Yesterday|Today|All>
|
||||
|
||||
"Range" directive specifies the time duration of a logwatch report. Common values for this directive are Yesterday, Today or All. When "Range = All" is used, "Archive = yes" directive is also needed, so that all archived versions of a given log file (e.g., /var/log/maillog, /var/log/maillog.X, or /var/log/maillog.X.gz) are processed.
|
||||
|
||||
Besides such common range values, you can also use more complex range options such as the following.
|
||||
|
||||
- Range = "2 hours ago for that hour"
|
||||
- Range = "-5 days"
|
||||
- Range = "between -7 days and -3 days"
|
||||
- Range = "since September 15, 2014"
|
||||
- Range = "first Friday in October"
|
||||
- Range = "2014/10/15 12:50:15 for that second"
|
||||
|
||||
To be able to use such free-form range examples, you need to install Date::Manip Perl module from CPAN. Refer to [this post][2] for CPAN module installation instructions.
|
||||
|
||||
Service = <service-name-1>
|
||||
Service = <service-name-2>
|
||||
. . .
|
||||
|
||||
"Service" option specifies one or more services to monitor using logwath. All available services are listed in /usr/share/logwatch/scripts/services, which cover essential system services (e.g., pam, secure, iptables, syslogd), as well as popular application services such as sudo, sshd, http, fail2ban, samba. If you want to add a new service to the list, you will have to write a corresponding log processing Perl script, and place it in this directory.
|
||||
|
||||
If this option is used to select specific services, you need to comment out the line "Service = All" in /usr/share/logwatch/default.conf/logwatch.conf.
|
||||
|
||||
|
||||
|
||||
Format = <text|html>
|
||||
|
||||
"Format" directive specifies the format (e.g., text or HTML) of a logwatch report.
|
||||
|
||||
Output = <file|mail|stdout>
|
||||
|
||||
"Output" directive indicates where a logwatch report should be sent. It can be saved to a file (file), emailed (mail), or shown to screen (stdout).
|
||||
|
||||
### Analyzing Log Files with Logwatch ###
|
||||
|
||||
To understand how to analyze log files using logwatch, consider the following logwatch.conf example:
|
||||
|
||||
Detail = High
|
||||
MailTo = youremailaddress@yourdomain.com
|
||||
Range = Today
|
||||
Service = http
|
||||
Service = postfix
|
||||
Service = zz-disk_space
|
||||
Format = html
|
||||
Output = mail
|
||||
|
||||
Under these settings, logwatch will process log files generated by three services (http, postfix and zz-disk_space) today, produce an HTML report with high verbosity, and email it to you.
|
||||
|
||||
If you do not want to customize /etc/logwatch/conf/logwatch.conf, you can leave the default configuration file unchanged, and instead run logwatch from the command line as follows. It will achieve the same outcome.
|
||||
|
||||
# logwatch --detail 10 --mailto youremailaddress@yourdomain.com --range today --service http --service postfix --service zz-disk_space --format html --output mail
|
||||
|
||||
The emailed report looks like the following.
|
||||
|
||||
|
||||
|
||||
The email header includes links to navigate the report sections, one per each selected service, and also "Back to top" links.
|
||||
|
||||
You will want to use the email report option when the list of recipients is small. Otherwise, you can have logwatch save a generated HTML report within a network share that can be accessed by all the individuals who need to see the report. To do so, make the following modifications in our previous example:
|
||||
|
||||
Detail = High
|
||||
Range = Today
|
||||
Service = http
|
||||
Service = postfix
|
||||
Service = zz-disk_space
|
||||
Format = html
|
||||
Output = file
|
||||
Filename = /var/www/html/logs/dev1.html
|
||||
|
||||
Equivalently, run logwatch from the command line as follows.
|
||||
|
||||
# logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /var/www/html/logs/dev1.html
|
||||
|
||||
Finally, let's configure logwatch to be executed by cron on your desired schedules. The following example will run a logwatch cron job every business day at 12:15 pm:
|
||||
|
||||
# crontab -e
|
||||
|
||||
----------
|
||||
|
||||
15 12 * * 1,2,3,4,5 /sbin/logwatch
|
||||
|
||||
Hope this helps. Feel free to comment to share your own tips and ideas with the community!
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://xmodulo.com/monitor-log-file-linux-logwatch.html
|
||||
|
||||
作者:[Gabriel Cánepa][a]
|
||||
译者:[runningwater](https://github.com/runningwater)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://xmodulo.com/author/gabriel
|
||||
[1]:http://sourceforge.net/projects/logwatch/
|
||||
[2]:http://xmodulo.com/how-to-install-perl-modules-from-cpan.html
|
||||
@ -0,0 +1,132 @@
|
||||
Linux 系统中使用 logwatch 监控日志文件
|
||||
================================================================================
|
||||
Linux 操作系统和许多应用程序会创建特殊的文件来记录它们的运行事件,这些文件通常被称作“日志”。当要了解操作系统或第三方应用程序的行为或进行故障排队的话,这些系统日志或特写的应用程序日志文件是必不可少的的工具。但是,日志文件并没有您们所谓的“清晰”或“容易”这种程度的可读性。手工分析原始的日志文件简直是浪费时间,并且单调乏味。出于这个原因,对于系统管理员来说,发现任何一款能把原始的日志文件转换成更人性化的记录摘要的工具,将会受益无穷。
|
||||
|
||||
[logwatch][1] 是一款用 Perl 语言编写的开源日志解析分析器。它能对原始的日志文件进行解析并转换成结构化格式的文档,也能根据您的使用情况和需求来定制报告。logwatch 的主要目的是生成更易于使用的日志摘要,并不是用来对日志进行实时的处理和监控的。正因为如此,logwatch 通常被设定好时间和频率的自动定时任务来调度运行或者是有需要日志处理的时候从命令行里手动运行。一旦日志报告生成,logwatch 会通过电子邮件把这报告发送给您,您可以把它保存成文件或者在屏幕上直接显示。
|
||||
|
||||
Logwatch 报告的详细程度和报告覆盖范围是完全可定制化的。Logwatch 的日志处理引擎也是可扩展的,从某种意义上来说,如果您想在一个新的应用程序中使用 logwatch 功能的话,只需要为这个应用程序的日志文件编写一个日志处理脚本(使用 Perl 语言),然后挂接到 logwatch 上就行。
|
||||
|
||||
logwatch 有一点不好的就是,在它生成的报告中没有详细的时间戳信息,而原来的日志文件中是存在的。您只能知道被记录下来的一段时间之内的特定事件,如果想要知道精确的时间点的信息,就不得不去查看原日志文件了。
|
||||
|
||||
### 安装 Logwatch ###
|
||||
|
||||
在 Debian 系统或其派生的系统上:
|
||||
|
||||
# aptitude install logwatch
|
||||
|
||||
在基于 Red Hat 的发布系统上:
|
||||
|
||||
# yum install logwatch
|
||||
|
||||
### 配置 Logwatch ###
|
||||
|
||||
安装时,主要的配置文件(logwatch.conf)被放到 **/etc/logwatch/conf** 目录中。此文件定义的设置选项会覆盖掉定义在 /usr/share/logwatch/default.conf/logwatch.conf 文件中的系统级设置。
|
||||
|
||||
在命令行中,启动 logwatch, 如果不带参数的话,将会使用 /etc/logwatch/conf/logwatch.conf 文件中定义的自定义选项。但,只要一指定参数,它们就会覆盖 /etc/logwatch/conf/logwatch.conf 文件中的任意默认/自定义设置。
|
||||
|
||||
这篇文章里,我们会编辑 /etc/logwatch/conf/logwatch.conf 文件来对一些默认的设置项做些个性化设置。
|
||||
|
||||
Detail = <Low, Med, High, or a number>
|
||||
|
||||
“Detail” 配置指令控制着 logwatch 报告的详细程度。它可以是个正整数,也可以是分别代表着10、5和0数字的 High、Med、Low 几个选项。
|
||||
|
||||
MailTo = youremailaddress@yourdomain.com
|
||||
|
||||
如果您让把一份 logwatch 的报告邮件给您,就要使用 “MailTo” 这个配置指令。要把一份报告发送给多个用户,只需要把他们的邮件地址用空格格开,然后配置上去。但是,您需要在 logwatch 运行的服务器上配置好本地邮件传输代理(MTA)如,sendmail、 Postfix 等,这个配置指令项才能起作用。
|
||||
|
||||
Range = <Yesterday|Today|All>
|
||||
|
||||
"Range" 配置指令定义了生成 logwatch 报告的时间段信息。这个指令通常可选的值是 Yesterday、Today、All。当作用了“Rang = All”时,“Archive = yes” 这个指令项也必须配置上,那么所有的已存档的日志文件 (比如,/var/log/maillog、/var/log/maillog.X 或 /var/log/maillog.X.gz 文件)都会被处理到。
|
||||
|
||||
除了这些通用的 range 值,您也可以使用复杂点的选择值,如下所示:
|
||||
|
||||
- Range = "2 hours ago for that hour"
|
||||
- Range = "-5 days"
|
||||
- Range = "between -7 days and -3 days"
|
||||
- Range = "since September 15, 2014"
|
||||
- Range = "first Friday in October"
|
||||
- Range = "2014/10/15 12:50:15 for that second"
|
||||
|
||||
要使用上面例子中自由形式的 range,您需要从 CPAN(注:Comprehensive Perl Archive Network) 上下载安装 Perl 的 Date::Manip 模块。关于 CPAN 模块的安装说明,请请参阅[此帖][2] 。
|
||||
|
||||
Service = <service-name-1>
|
||||
Service = <service-name-2>
|
||||
. . .
|
||||
|
||||
“Service” 选项指定想要监控的一个或多个服务。在 /usr/share/logwatch/scripts/services 目录下列出的服务都能被监控,它们已经涵盖了重要的系统服务(例如,pam,secure,iptables,syslogd 等),也涵盖了一些像 sudo、sshd、http、fail2ban、samba等主流的应用服务。如果您想添加新的服务到列表中,得编写一个相应的日志处理 Perl 脚本,并把它放在这个目录中。
|
||||
|
||||
如果这个选项要用来选择特定的服务话,您需要把 /usr/share/logwatch/default.conf/logwatch.conf 文件中的 "Service = All " 这一行注释掉。
|
||||
|
||||
|
||||
|
||||
Format = <text|html>
|
||||
|
||||
“Format” 配置指令定义了一份 logwatch 报告的格式(比如 text 或者 HTML)。
|
||||
|
||||
Output = <file|mail|stdout>
|
||||
|
||||
"Output" 配置指令定义生成的 logwatch 报告要发送的目的地。它能被保存成文件(file),生成电子邮件(mail)或者是直接在屏幕上显示(stdout)。
|
||||
|
||||
### 用 Logwatch 来分析日志文件 ###
|
||||
|
||||
要弄明白怎么使用 logwatch 来分析日志文件,可以参考下面的 logwatch.conf 文件例子:
|
||||
|
||||
Detail = High
|
||||
MailTo = youremailaddress@yourdomain.com
|
||||
Range = Today
|
||||
Service = http
|
||||
Service = postfix
|
||||
Service = zz-disk_space
|
||||
Format = html
|
||||
Output = mail
|
||||
|
||||
使用这些设置,logwatch 将会处理三个应用服务(http、postfix 和 zz-disk_space)当天产生的日志,生成一份非常详细的 HTML 格式报告,然后邮件给您。
|
||||
|
||||
如果您不想个性化 /etc/logwatch/conf/logwatch.conf,您可以不修改此文件让其默认,然后在命令行里运行如下所示的命令。也会得到同样的输出。
|
||||
|
||||
# logwatch --detail 10 --mailto youremailaddress@yourdomain.com --range today --service http --service postfix --service zz-disk_space --format html --output mail
|
||||
|
||||
电子邮件发送的报告样子如图示:
|
||||
|
||||
|
||||
|
||||
这份电子邮件头部包含指向导航到报告细节的链接,在每个选中的服务细节,也会有“返回顶部”的链接。
|
||||
|
||||
接收人很少的情况下您可能会使用电子邮件发送报告这个选项。其它情况下,您可能会把让其生成为 HTML 格式的报告,这样每个想看这份报告的人都可以从网络共享里看到。只需要把上面例子中的配置做些修改就可以实现:
|
||||
|
||||
Detail = High
|
||||
Range = Today
|
||||
Service = http
|
||||
Service = postfix
|
||||
Service = zz-disk_space
|
||||
Format = html
|
||||
Output = file
|
||||
Filename = /var/www/html/logs/dev1.html
|
||||
|
||||
同样的,也可以在命令行中运行如下的命令。
|
||||
|
||||
# logwatch --detail 10 --range today --service http --service postfix --service zz-disk_space --format html --output file --filename /var/www/html/logs/dev1.html
|
||||
|
||||
最后,让我们使用 cron 来配置 logwatch 的定时执行任务。下面的例子中,将会在每个工作日的下午 12:15 分运行 logwatch 调度任务。
|
||||
|
||||
# crontab -e
|
||||
|
||||
----------
|
||||
|
||||
15 12 * * 1,2,3,4,5 /sbin/logwatch
|
||||
|
||||
希望这会有所帮助。欢迎到社区发表评论或分享自己的心得和体会!
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://xmodulo.com/monitor-log-file-linux-logwatch.html
|
||||
|
||||
作者:[Gabriel Cánepa][a]
|
||||
译者:[runningwater](https://github.com/runningwater)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://xmodulo.com/author/gabriel
|
||||
[1]:http://sourceforge.net/projects/logwatch/
|
||||
[2]:http://xmodulo.com/how-to-install-perl-modules-from-cpan.html
|
||||
Loading…
Reference in New Issue
Block a user