1 |
nightmorph 10/10/12 17:39:24 |
2 |
|
3 |
Modified: logcheck.xml |
4 |
Log: |
5 |
add troubleshooting section and log file scanning, bug 340657 |
6 |
|
7 |
Revision Changes Path |
8 |
1.2 xml/htdocs/doc/en/logcheck.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.2&view=markup |
11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.2&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?r1=1.1&r2=1.2 |
13 |
|
14 |
Index: logcheck.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/logcheck.xml,v |
17 |
retrieving revision 1.1 |
18 |
retrieving revision 1.2 |
19 |
diff -u -r1.1 -r1.2 |
20 |
--- logcheck.xml 13 Jul 2010 20:29:06 -0000 1.1 |
21 |
+++ logcheck.xml 12 Oct 2010 17:39:24 -0000 1.2 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding='UTF-8'?> |
24 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
25 |
-<!-- $Header $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/logcheck.xml,v 1.2 2010/10/12 17:39:24 nightmorph Exp $ --> |
27 |
|
28 |
<guide> |
29 |
<title>Logcheck Guide</title> |
30 |
@@ -20,8 +20,8 @@ |
31 |
<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> |
32 |
<license/> |
33 |
|
34 |
-<version>1</version> |
35 |
-<date>2010-07-13</date> |
36 |
+<version>2</version> |
37 |
+<date>2010-10-12</date> |
38 |
|
39 |
<chapter> |
40 |
<title>Getting Started With logcheck</title> |
41 |
@@ -130,6 +130,16 @@ |
42 |
</pre> |
43 |
|
44 |
<p> |
45 |
+You also have to tell <c>logcheck</c> which log files to scan |
46 |
+(<path>/etc/logcheck/logcheck.logfiles</path>). |
47 |
+</p> |
48 |
+ |
49 |
+<pre caption="Basic /etc/logcheck/logcheck.logfiles setup"> |
50 |
+<comment>(This is an example for syslog-ng)</comment> |
51 |
+/var/log/messages |
52 |
+</pre> |
53 |
+ |
54 |
+<p> |
55 |
Finally, enable the logcheck cron job. |
56 |
</p> |
57 |
|
58 |
@@ -161,4 +171,54 @@ |
59 |
</body> |
60 |
</section> |
61 |
</chapter> |
62 |
+ |
63 |
+<chapter> |
64 |
+<title>Troubleshooting</title> |
65 |
+<section> |
66 |
+<title>General tips</title> |
67 |
+<body> |
68 |
+ |
69 |
+<p> |
70 |
+You can use the logcheck's <c>-d</c> switch to display more debugging |
71 |
+information. Example: |
72 |
+</p> |
73 |
+ |
74 |
+<pre caption="Debugging logcheck"> |
75 |
+# <i>su -s /bin/bash -c '/usr/sbin/logcheck -d' logcheck</i> |
76 |
+D: [1281318818] Turning debug mode on |
77 |
+D: [1281318818] Sourcing - /etc/logcheck/logcheck.conf |
78 |
+D: [1281318818] Finished getopts c:dhH:l:L:m:opr:RsS:tTuvw |
79 |
+D: [1281318818] Trying to get lockfile: /var/lock/logcheck/logcheck.lock |
80 |
+D: [1281318818] Running lockfile-touch /var/lock/logcheck/logcheck.lock |
81 |
+D: [1281318818] cleanrules: /etc/logcheck/cracking.d/kernel |
82 |
+... |
83 |
+D: [1281318818] cleanrules: /etc/logcheck/violations.d/su |
84 |
+D: [1281318818] cleanrules: /etc/logcheck/violations.d/sudo |
85 |
+... |
86 |
+D: [1281318825] logoutput called with file: /var/log/messages |
87 |
+D: [1281318825] Running /usr/sbin/logtail2 on /var/log/messages |
88 |
+D: [1281318825] Sorting logs |
89 |
+D: [1281318825] Setting the Intro |
90 |
+D: [1281318825] Checking for security alerts |
91 |
+D: [1281318825] greplogoutput: kernel |
92 |
+... |
93 |
+D: [1281318825] greplogoutput: returning 1 |
94 |
+D: [1281318825] Checking for security events |
95 |
+... |
96 |
+D: [1281318825] greplogoutput: su |
97 |
+D: [1281318825] greplogoutput: Entries in checked |
98 |
+D: [1281318825] cleanchecked - file: /tmp/logcheck.uIFLqU/violations-ignore/logcheck-su |
99 |
+D: [1281318825] report: cat'ing - Security Events for su |
100 |
+... |
101 |
+D: [1281318835] report: cat'ing - System Events |
102 |
+D: [1281318835] Setting the footer text |
103 |
+D: [1281318835] Sending report: 'localhost 2010-08-09 03:53 Security Events' to root |
104 |
+D: [1281318835] cleanup: Killing lockfile-touch - 17979 |
105 |
+D: [1281318835] cleanup: Removing lockfile: /var/lock/logcheck/logcheck.lock |
106 |
+D: [1281318835] cleanup: Removing - /tmp/logcheck.uIFLqU |
107 |
+</pre> |
108 |
+ |
109 |
+</body> |
110 |
+</section> |
111 |
+</chapter> |
112 |
</guide> |