Gentoo's Bugzilla – Attachment 233645 Details for
Bug 322223
New doc for app-admin/logcheck
logcheck.xml
logcheck.xml (text/plain), 4.87 KB, created by
Paweł Hajdan, Jr. (RETIRED)
on 2010-05-31 13:21:19 UTC
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<!-- $Header$ -->

<!-- FIXME: make sure the link is accurate. -->
<guide link="/doc/en/logcheck-howto.xml" lang="en">
<title>Logcheck Guide</title>

<author title="Author">
  <mail link="phajdan.jr@gentoo.org">Paweł Hajdan, Jr.</mail>
</author>

<abstract>
  This guide shows you how to analyze system logs with logcheck.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<!-- FIXME: make sure the version info is accurate. -->
<version>1.0</version>
<date>2010-05-31</date>

<chapter>
<title>Getting Started With logcheck</title>
<section>
<title>Background</title>
<body>
<p>
<c>logcheck</c> is an updated version of <c>logsentry</c> (from the
<c>sentrytools</c> package), which is a tool to analyze the system logs.
Additionally, <c>logcheck</c> comes with a built-in database of common,
uninteresting log messages to filter out the noise. The general idea of the
tool is that all messages are interesting, except the ones explicitly marked
as noise. <c>logcheck</c> periodically sends you an e-mail with a summary
of interesting messages.
</p>
</body>
</section>
<section>
<title>Installing logcheck</title>
<body>
<impo>
It is strongly recommended to remove logsentry if you have it installed on
your system. Additionally, you should remove /etc/logcheck to avoid permission
and file collision problems.
</impo>
<pre caption="Removing logsentry">
<comment>(Uninstall the logsentry package)</comment>
# <i>emerge -C logsentry</i>
<comment>(Remove leftover files)</comment>
# <i>rm -rf /etc/logcheck</i>
</pre>
<p>
Now you can proceed with the installation of logcheck.
</p>
<pre caption="Installing logcheck">
<comment>(Install logcheck)</comment>
# <i>emerge -av app-admin/logcheck</i>
</pre>
</body>
</section>
<section>
<title>Basic configuration</title>
<body>
<p>
<c>logcheck</c> creates a separate user "logcheck" to avoid running as root.
Actually, it will refuse to run as root. To allow it to analyze the logs,
you need to make sure they are readable by logcheck. Here is an example
for <c>syslog-ng</c>.
</p>
<pre caption="/etc/syslog-ng/syslog-ng.conf snippet">
options {
  owner(root);

  <comment>(Make log files group-readable by logcheck)</comment>
  group(logcheck);
  perm(0640);
};
</pre>
<p>Now reload the configuration and make sure the changes work as expected.</p>
<pre caption="Reload syslog-ng configuration">
# <i>/etc/init.d/syslog-ng reload</i>
<comment>(Make sure /var/log/messages has correct permissions)</comment>
# <i>ls -l /var/log/messages</i>
-rw-r----- 1 root logcheck 1694438 Feb 12 12:18 /var/log/messages
</pre>
<p>You should now adjust some basic <c>logcheck</c> settings in
<path>/etc/logcheck/logcheck.conf</path>.</p>
<pre caption="Basic /etc/logcheck/logcheck.conf setup">
# Controls the level of filtering:
# Can be Set to "workstation", "server" or "paranoid" for different
# levels of filtering. Defaults to server if not set.
<comment>(The workstation level includes server, and server includes paranoid.
The paranoid level filters almost no messages)</comment>
REPORTLEVEL="server"

# Controls the address mail goes to:
# *NOTE* the script does not set a default value for this variable!
# Should be set to an offsite "emailaddress@some.domain.tld"
<comment>(Make sure you can receive the logcheck e-mails. Testing is strongly
recommended)</comment>
SENDMAILTO="root"

# Controls if syslog-summary is run over each section.
# Alternatively, set to "1" to enable extra summary.
# HINT: syslog-summary needs to be installed.
<comment>(If you get a lot of similar messages in the logs, you
may want to install app-admin/syslog-summary and enable
this setting)</comment>
SYSLOGSUMMARY=0
</pre>
<p>Finally, enable the logcheck cron job.</p>
<pre caption="Enable logcheck cron job">
<comment>(Edit the cron file and follow the instructions inside)</comment>
# <i>nano -w /etc/cron.hourly/logcheck.cron</i>
</pre>
<!-- FIXME: make the doc url below relative -->
<note>For more information about cron read the
<uri link="http://www.gentoo.org/doc/en/cron-guide.xml">Cron Guide</uri>.
</note>
<p>
Congratulations! Now you will be regularly getting important log messages
by e-mail. An example message looks like this:
</p>
<pre caption="Example logcheck message">
System Events
=-=-=-=-=-=-=
Feb 10 17:13:53 localhost kernel: [30233.238342] conftest[25838]: segfault at 40 ip 40061403 sp bfc443c4 error 4
in libc-2.10.1.so[4003e000+142000]
Feb 11 12:31:21 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces
Feb 11 12:31:22 localhost postfix/master[3776]: warning: process //usr/lib/postfix/pickup pid 18704 exit status 1
Feb 11 12:31:22 localhost postfix/master[3776]: warning: //usr/lib/postfix/pickup: bad command startup -- throttling
</pre>
</body>
</section>
</chapter>

</guide>
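Added example (not part of the attached guide and not logcheck's own code): a small shell model of the filtering the guide describes, where every log line is reported unless an ignore rule matches it, and the rules of each REPORTLEVEL include those of the stricter level. The ignore patterns and all sample log lines except the two postfix lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed ignore rules (extended regexes); NOT logcheck's shipped rule files.
RULES_PARANOID='syslog-ng\[[0-9]+\]: Configuration reload request received'
RULES_SERVER='cron\[[0-9]+\]: \(root\) CMD \(run-parts '
RULES_WORKSTATION='dhcpcd\[[0-9]+\]: [a-z0-9]+: renewing lease of '

# Constructed sample log; only the two postfix lines come from the guide's example.
SAMPLE_LOG='Feb 11 11:58:09 localhost syslog-ng[1502]: Configuration reload request received, reloading configuration;
Feb 11 12:00:01 localhost cron[4120]: (root) CMD (run-parts /etc/cron.hourly)
Feb 11 12:05:44 localhost dhcpcd[2210]: eth0: renewing lease of 192.0.2.10
Feb 11 12:10:02 localhost sshd[5011]: Accepted publickey for admin from 192.0.2.20 port 50022 ssh2
Feb 11 12:31:21 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces
Feb 11 12:31:22 localhost postfix/master[3776]: warning: process //usr/lib/postfix/pickup pid 18704 exit status 1'

# Print the ignore rules active at a level. Levels nest: each one adds its
# own rules to those of the stricter level, so paranoid ignores the least.
rules_for_level() {
    case "$1" in
        paranoid)    printf '%s\n' "$RULES_PARANOID" ;;
        server)      printf '%s\n' "$RULES_PARANOID" "$RULES_SERVER" ;;
        workstation) printf '%s\n' "$RULES_PARANOID" "$RULES_SERVER" "$RULES_WORKSTATION" ;;
        *) echo "unknown REPORTLEVEL: $1" >&2; return 2 ;;
    esac
}

# Read log lines on stdin; print every line that no active rule matches.
report() {
    rules=$(mktemp) || return 1
    rules_for_level "$1" > "$rules" || { rm -f "$rules"; return 2; }
    rc=0
    grep -E -v -f "$rules" || rc=$?
    rm -f "$rules"
    # grep exits 1 when every line was ignored; that is an empty report, not an error.
    [ "$rc" -le 1 ]
}

# Number of sample lines that would end up in the e-mail at a given level.
count_reported() {
    printf '%s\n' "$SAMPLE_LOG" | report "$1" | wc -l | tr -d ' '
}

for level in paranoid server workstation; do
    echo "REPORTLEVEL=$level reports $(count_reported "$level") of 6 lines"
done
```

The sshd and postfix lines are reported at every level because no rule names them, which is the default-report behaviour the Background section describes.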