Difference between revisions of "Creating new logwatch service or scripts"
m |
m |
||
Line 1: | Line 1: | ||
<yambe:breadcrumb self="Creating new logwatch service or scripts">Logwatch configuration|Logwatch configuration</yambe:breadcrumb> | |||
==Creating new logwatch service or scripts== | ==Creating new logwatch service or scripts== | ||
Line 23: | Line 24: | ||
Read /usr/share/doc/logwatch-.*/HOWTO-Customize-LogWatch for more details then given above. | Read /usr/share/doc/logwatch-.*/HOWTO-Customize-LogWatch for more details then given above. | ||
<yambe:breadcrumb self="Creating new logwatch service or scripts">Logwatch configuration|Logwatch configuration</yambe:breadcrumb> |
Revision as of 07:47, 22 January 2019
<yambe:breadcrumb self="Creating new logwatch service or scripts">Logwatch configuration|Logwatch configuration</yambe:breadcrumb>
Creating new logwatch service or scripts
Creating service configuration file
In order to get log messages of remote host though logwatch email we have to setup service for that hosts messages. First in folder /etc/logwatch/conf/services create a service_name.conf file. The only required line in this config file is Logfile = directive. Use logfile = messages. Here it is important to have space between LogFile and '=' and between '=' and messages. Also we have specified messages not because file is /var/log/messages but because /var/log/messages comes under messages Log Group.
Contents of sample file "asa.conf"
LogFile = messages
Creating service script file
After this we have to create filter script that when given log file on standard input would print only relevant output on standard output. Filter scripts must be kept in /etc/logwatch/scripts/services directory and the name must be service_name. The file should also be executable, so if it is shell script do not forget to do chmod +x on it. It can also be a c program or python script, it is not necessary for filter to be a bash script. We mention loggroup in service configuration file. The loggroup configuration file contains names of logfiles inside that loggroup. For examples loggroup `messages', contains logfile `/var/log/messages'. This script is given entire logfiles as standard input and its standard output is sent as log report.
So if you want entire log file to be sent as log report the script file can contain just one `cat' command without any arguments. In case you want only lines containing word ASA to be sent as logreport then you can write only one line 'grep ASA' in the script file.
All the current logwatch scripts, configuration files and service files are located in '/usr/share/logwatch-<ver>' directory. We can refer to these config files, service files etc. to create new files.
Read /usr/share/doc/logwatch-.*/HOWTO-Customize-LogWatch for more details then given above.
<yambe:breadcrumb self="Creating new logwatch service or scripts">Logwatch configuration|Logwatch configuration</yambe:breadcrumb>