Logcheck is a tool that parses system logs and sends summaries by email. It uses a database of regular expressions to filter out common, normal entries.
Are you reading and checking your log files? Too many servers? logcheck helps with this task by eliminating the noise.
Installing on Debian
# apt-get install logcheck
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  lockfile-progs logtail
Suggested packages:
  syslog-summary
Recommended packages:
  logcheck-database
The following NEW packages will be installed:
  lockfile-progs logcheck logtail
0 upgraded, 3 newly installed, 0 to remove and 6 not upgraded.
Need to get 110kB of archives.
After unpacking 428kB of additional disk space will be used.
Do you want to continue [Y/n]?
Also install logcheck-database, which contains lots of rules:
# apt-get install logcheck-database
Config files
- /etc/logcheck/logcheck.conf
  - SENDMAILTO="root" – your email address
- /etc/logcheck/logcheck.logfiles
  - configure which logfiles to analyze
- /etc/cron.d/logcheck
  - logcheck cron (by default, logcheck runs every hour)
You can try it by executing the following command:
# su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Your mailbox should now contain a report from logcheck if any unusual log entries were found.
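
Because the rules database works by suppressing every line a regular expression matches, a rule that is too broad can hide entries you want to see. The script below is an added example, not part of logcheck or the original page: it previews which lines would still be reported for a given rules file and flags rules that are not anchored with ^ and $. It assumes rules are extended regular expressions, one per line, applied the way grep -E applies them; the function names, file names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of logcheck. Rule and log contents are constructed.

# Drop comments and blank lines; a blank pattern would match every line.
clean_rules() { grep -v -E '^[[:space:]]*(#|$)' "$1" || true; }

# Print lines of log $2 that no rule in $1 matches (what would be mailed).
remaining_lines() {
    tmp=$(mktemp) || return 1
    clean_rules "$1" > "$tmp"
    rc=0
    grep -E -v -f "$tmp" "$2" || rc=$?
    rm -f "$tmp"
    [ "$rc" -le 1 ]   # grep: 0 = lines remain, 1 = none remain, 2 = error
}

# Print rules not anchored with ^...$; these can match anywhere in a line.
unanchored_rules() { clean_rules "$1" | grep -v -E '^\^.*\$$' || true; }

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/sample.log" <<'EOF'
Mar  3 10:00:01 web1 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 10:00:01 web1 CRON[2101]: pam_unix(cron:session): session closed for user root
Mar  3 10:02:17 web1 sshd[2150]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Mar  3 10:05:44 web1 su[2199]: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
    cat > "$1/good.rules" <<'EOF'
# cron session noise only, anchored at both ends
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
EOF
    cat > "$1/broad.rules" <<'EOF'
# unanchored: also hides the su-to-root line
session (opened|closed)
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "== reported with good.rules =="; remaining_lines "$demo_dir/good.rules" "$demo_dir/sample.log"
echo "== reported with broad.rules =="; remaining_lines "$demo_dir/broad.rules" "$demo_dir/sample.log"
echo "== unanchored rules in broad.rules =="; unanchored_rules "$demo_dir/broad.rules"
rm -rf "$demo_dir"
```

With the anchored rule the failed SSH login and the su session are both still reported; with the unanchored rule the su session disappears from the report along with the cron noise.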