Kernel Logging   «Prev  Next»

Lesson 7Monitoring logs
ObjectiveMonitor logs with logwatch.

Monitor logs with logwatch for System and Kernel Logging

Monitoring system logs is a burdensome, but important task. If you do not properly monitor your logs, you may miss security problems, hardware problems, or software problems.
For example, if every Monday at 5 a.m., a system had a runaway maintenance process that filled up the filesystem and then promptly cleaned it up again, only the system logs would reveal there was a problem.
The most forceful method to monitor your logfiles is by direct, visual inspection. You can open a new terminal window and type 
tail -f /var/log/messages

to watch for log messages as they are added. This method is impractical however, because log messages might scroll by too quickly, might be logged to a different logfile, or you will need to leave your console to eat, sleep, or just take a break.

logwatch

The logwatch utility, available on the Red Hat Linux Utilities CD, allows you to monitor logfiles and show only events that are out of the ordinary. It is completely customizable and reports on logged events in an easily understood format.
To use logwatch, simply type its name on the command line. You can increase the output's detail with the --detail flag. For example, to show a lot of detail from your logs, use logwatch --detail high.
Logwatch supports several other options.Check the logwatch man page for more information.

Question: What is the 
/etc/syslog.conf

entry to send all debug messages to /var/log/debug.

Answer: 
*.debug /var/log/debug

Explanation: Using the asterisk wildcard for the facility allows any facility with a debug severity to match and, consequently, be sent to the /var/log/debug file.

Monitor System Logs with Logwatch on Ubuntu 12.04

Logwatch is a utility used to monitor system logs and create reports. These reports include failed login attempts, successful login attempts, and storage space used/available. Before installing Logwatch, it is assumed that you have followed our getting started guide. If you are new to Linux server administration, you may be interested in our introduction to Linux concepts guide, beginner's guide and administration basics guide.

Update System Packages

You will need to make sure that your system and installed packages are up to date by issuing the following commands: 
 apt-get update
apt-get upgrade