Logcheck is a tool that parses system logs and sends summaries by email. It filters log lines against a database of regular expressions to suppress common, expected entries, so only the unusual ones reach you.
Are you reading and checking your log files? Too many servers? logcheck will help you with this task and eliminate the noise.
Installing on Debian
# apt-get install logcheck
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  lockfile-progs logtail
Suggested packages:
  syslog-summary
Recommended packages:
  logcheck-database
The following NEW packages will be installed:
  lockfile-progs logcheck logtail
0 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
Need to get 110kB of archives.
After unpacking 428kB of additional disk space will be used.
Do you want to continue [Y/n]?
Also install logcheck-database, which contains a large set of filtering rules:
# apt-get install logcheck-database
Config files
- /etc/logcheck/logcheck.conf
  - SENDMAILTO="root": the email address the reports are sent to
- /etc/logcheck/logcheck.logfiles
  - configure which log files to analyze
- /etc/cron.d/logcheck
  - the logcheck cron job (by default, logcheck runs every hour)
You can try it by executing the following command:
# su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Your mailbox should now contain a report from logcheck if any unusual log entries have been found.
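To see what the rule database actually does, here is an added example (not from the original post or the logcheck project) that reproduces logcheck's core filtering step, an extended regex ignore list applied with grep -E -v -f, over a few constructed syslog lines. It also shows why each rule is anchored from the timestamp to the end of the line: an unanchored rule hides a failed-login entry along with the noise it was meant to drop. Hostnames, user names and addresses are made up.

```shell
#!/bin/sh
# Added example: mimics logcheck's ignore.d filtering on constructed log lines.
LOG=$(mktemp)
GOOD_RULES=$(mktemp)
SLOPPY_RULES=$(mktemp)
trap 'rm -f "$LOG" "$GOOD_RULES" "$SLOPPY_RULES"' EXIT

# Constructed syslog lines (host, users and addresses are made up).
cat > "$LOG" <<'EOF'
Jan 10 06:25:01 host CRON[1234]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jan 10 06:26:17 host sshd[2345]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2
Jan 10 06:27:03 host sshd[2346]: Failed password for invalid user admin from 203.0.113.5 port 40000 ssh2
EOF

# Rules in the style of /etc/logcheck/ignore.d.server/*: one extended regex per
# line, anchored from the syslog timestamp to end of line, so that each rule
# matches exactly one kind of message and nothing else.
cat > "$GOOD_RULES" <<'EOF'
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ CRON\[[[:digit:]]+\]: \(root\) CMD \(.*\)$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted publickey for [^[:space:]]+ from [[:digit:].]+ port [[:digit:]]+ ssh2$
EOF

# A rule written in a hurry: an unanchored substring that swallows every sshd line.
cat > "$SLOPPY_RULES" <<'EOF'
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ CRON\[[[:digit:]]+\]: \(root\) CMD \(.*\)$
sshd
EOF

# filter_log RULES: print the lines that survive the ignore rules, i.e. what
# logcheck would put in its report. grep exits 1 when nothing is left, which
# is a valid outcome here rather than an error.
filter_log() {
    grep -E -v -f "$1" "$LOG" || [ $? -eq 1 ]
}

# count_report RULES: number of lines that would end up in the report.
count_report() {
    filter_log "$1" | wc -l | tr -d ' '
}

echo "== anchored rules: only the failed login is reported =="
filter_log "$GOOD_RULES"
echo "== sloppy rule: the failed login is silently dropped =="
filter_log "$SLOPPY_RULES"
```

When you add local rules under ignore.d.server, keep them anchored like the first set; a pattern that merely mentions a daemon name suppresses its security-relevant messages too.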
Comments (3)
Thanks to this post I have realised that I hadn’t installed logcheck-database.
Without that, the emails sent by logcheck will contain lots and lots of pointless lines (for example those about cron tasks).
Kind regards,
Marco.
Thanks, never knew about this.
Hopefully gentoo will build it into the portage soon, had to do a manual build.
Awesome blog keep it up
@Phil Jones, thanks for the support.