MrBrown blob » logcheck http://charles.lescampeurs.org random bits. Sat, 10 Apr 2010 09:02:57 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Using Logcheck http://charles.lescampeurs.org/2008/09/16/using-logcheck http://charles.lescampeurs.org/2008/09/16/using-logcheck#comments Tue, 16 Sep 2008 09:22:15 +0000 CharlyBr http://charles.lescampeurs.org/?p=67

Logcheck is a tool to parse system logs and send summaries by email. It filters out logs with a regular expressions database to suppress common/normal entries.

Are you reading / checking your log files? Too many servers? logcheck will help you in this task and eliminates the noise.

Installing on Debian

# apt-get install logcheck
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
lockfile-progs logtail
Suggested packages:
syslog-summary
Recommended packages:
logcheck-database
The following NEW packages will be installed:
lockfile-progs logcheck logtail
0 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
Need to get 110kB of archives.
After unpacking 428kB of additional disk space will be used.
Do you want to continue [Y/n]?

Also install logcheck-database which contains lots of rules

# apt-get install logcheck-database

Config files

  • /etc/logcheck/logcheck.conf
    • SENDMAILTO=”root” – your email address
  • /etc/logcheck/logcheck.logfiles
    • configure which logfiles to analyze
  • /etc/cron.d/logcheck
    • logcheck cron (by default, logcheck runs every hour)

You can try it by executing the following command:

# su -s /bin/bash -c "/usr/sbin/logcheck" logcheck

Your mailbox should now contains a report from logcheck if some unusual log entries have been found.

Links

]]> http://charles.lescampeurs.org/2008/09/16/using-logcheck/feed 3