FreeBSD安装Logwatch工具进行日志分析和监视
时间:2019-11-20 08:54:07 来源:igfitidea点击:
在FreeBSD中,如何监控分析系统日志?
可以使用Logwatch,Logwatch是非常强大的系统日志分析器和报告器,通过分析/var/log /目录中的日志,形成详细的报告。
在FreeBSD上安装Logwatch Tool
以root用户身份执行以下命令:
# portsnap fetch update # cd /usr/ports/sysutils/logwatch # make install clean
或者使用pkg命令安装二进制软件包:
# pkg install sysutils/logwatch
配置Logwatch日志分析器
默认配置文件位于/usr/local/etc/logwatch/defaults/logwatch.conf。
# vi /usr/local/etc/logwatch/defaults/logwatch.conf
设置接收报告的邮箱:
MailTo = [email protected], [email protected]
是否将报告显示在屏幕上:
Print = No
设置计划任务
编辑crontab
# vi /etc/crontab
或者
# crontab -e
添加下面代码:
@daily /usr/local/sbin/logwatch.pl
这样,每天就可以收到系统报告。
内容类似如下:
################### Logwatch 7.3.6 (05/19/17) ####################
Processing Initiated: Tue Jul 8 06:25:03 2017
Date Range Processed: yesterday
( 2017-Jul-07 )
Period is day.
Detail Level of Output: 5
Type of Output: unformatted
Logfiles for Host: freebsd.theitroad.com
##################################################################
--------------------- Cron Begin ------------------------
Commands Run:
User root:
/usr/bin/rsnapshot daily: 1 Time(s)
/usr/bin/rsnapshot hourly: 6 Time(s)
if [ -x /usr/bin/vnstat ] && [ `ls /var/lib/vnstat/ | wc -l` -ge 1 ]; then /usr/bin/vnstat -u; fi: 288 Time(s)
---------------------- Cron End -------------------------
--------------------- Named Begin ------------------------
**Unmatched Entries**
client 122.167.76.117 notify question section contains no SOA: 2 Time(s)
---------------------- Named End -------------------------
--------------------- pam_unix Begin ------------------------
cron:
Sessions Opened:
root: 2240 Time(s)
sshd:
Sessions Opened:
payal: 545 Time(s)
payal by payal: 8 Time(s)
su:
Sessions Opened:
root -> nobody: 3 Time(s)
---------------------- pam_unix End -------------------------
--------------------- postfix Begin ------------------------
77502 bytes transferred
14 messages sent
14 messages removed from queue
Top ten local senders:
14 messages sent by:
root (uid=0):
---------------------- postfix End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
payal:
192.168.0.5 (laptop.theitroad.com): 460 times
192.168.0.7 (desktop.theitroad.com): 93 times
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad4s1a 507630 384080 82940 82% /
devfs 1 1 0 100% /dev
/dev/ad6s1d 237397844 17597052 201708966 8% /disk1
/dev/ad4s1d 507630 14 467006 0% /tmp
/dev/ad4s1f 224192598 3170358 203086834 2% /usr
/dev/ad4s1e 10154158 93652 9248174 1% /var
procfs 4 4 0 100% /proc
devfs 1 1 0 100% /var/named/dev
devfs => 100% Used. Warning. Disk Filling up.
procfs => 100% Used. Warning. Disk Filling up.
devfs => 100% Used. Warning. Disk Filling up.
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
