nightmorph 10/07/13 20:29:06

Modified: metadoc.xml
Added: logcheck.xml
Log:
add a new guide on logcheck, thanks to phajdan.jr. bug 322223.

Revision Changes Path
1.233 xml/htdocs/doc/en/metadoc.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.233&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.233&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?r1=1.232&r2=1.233

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- metadoc.xml 13 Jul 2010 20:20:54 -0000 1.232
+++ metadoc.xml 13 Jul 2010 20:29:06 -0000 1.233
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.232 2010/07/13 20:20:54 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.233 2010/07/13 20:29:06 nightmorph Exp $ -->
<metadoc lang="en">
- <version>1.154</version>
+ <version>1.155</version>
<members>
<lead>neysx</lead>
<member>cam</member> |
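Review bot: the newly added logcheck.xml further down in this commit writes its keyword as `<!-- $Header $ -->`, with a space before the closing `$`, whereas this hunk shows the expanded `$Header: ... $` form CVS produces for metadoc.xml; CVS only expands a bare `$Header$`, so the logcheck.xml line will stay unexpanded on every commit. Suggest `<!-- $Header$ -->` there.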
@@ -375,6 +375,7 @@
<file id="openrc-migration">/doc/en/openrc-migration.xml</file>
<file id="multipath">/doc/en/multipath.xml</file>
<file id="bind-guide">/doc/en/bind-guide.xml</file>
+ <file id="logcheck">/doc/en/logcheck.xml</file>
<file id="devmanual">/proj/en/qa/devmanual.xml</file>
</files>
<docs>
@@ -1106,5 +1107,8 @@
<doc fileid="texlive-migration-guide">
<memberof>upgrade</memberof>
</doc>
+ <doc fileid="logcheck">
+ <memberof>sysadmin_specific</memberof>
+ </doc>
</docs>
</metadoc>


1.1 xml/htdocs/doc/en/logcheck.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.1&content-type=text/plain

Index: logcheck.xml
===================================================================
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<!-- $Header $ -->

<guide>
<title>Logcheck Guide</title>

<author title="Author">
<mail link="phajdan.jr"/>
</author>
<author title="Editor">
<mail link="nightmorph"/>
</author>

<abstract>
This guide shows you how to analyze system logs with logcheck.
</abstract>

<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>

<version>1</version>
<date>2010-07-13</date>

<chapter>
<title>Getting Started With logcheck</title>
<section>
<title>Background</title>
<body>

<p>
<c>logcheck</c> is an updated version of <c>logsentry</c> (from the
<c>sentrytools</c> package), which is a tool to analyze the system logs.
Additionally, <c>logcheck</c> comes with a built-in database of common,
not-interesting log messages to filter out the noise. The general idea of the
tool is that all messages are interesting, except the ones explicitly marked as
noise. <c>logcheck</c> periodically sends you an e-mail with a summary of
interesting messages.
</p>

</body>
</section>
<section>
<title>Installing logcheck</title>
<body>

<impo>
It is strongly recommended to remove logsentry if you have it installed on
your system. Additionally, you should remove /etc/logcheck to avoid permission
and file collision problems.
</impo>

<pre caption="Removing logsentry">
<comment>(Uninstall the logsentry package)</comment>
# <i>emerge -C logsentry</i>
<comment>(Remove leftover files)</comment>
# <i>rm -rf /etc/logcheck</i>
</pre>

<p>
Now you can proceed with the installation of logcheck.
</p>

<pre caption="Installing logcheck">
# <i>emerge -av app-admin/logcheck</i>
</pre>

</body>
</section>
<section>
<title>Basic configuration</title>
<body>

<p>
<c>logcheck</c> creates a separate user "logcheck" to avoid running as root.
In fact, it refuses to run as root. To allow it to analyze the logs,
you need to make sure they are readable by the logcheck user. Here is an example
for <c>syslog-ng</c>:
</p>

<pre caption="/etc/syslog-ng/syslog-ng.conf snippet">
options {
    owner(root);

    <comment>(Make log files group-readable by logcheck)</comment>
    group(logcheck);
    perm(0640);
};
</pre>

<p>
Now reload the configuration and make sure the changes work as expected.
</p>

<pre caption="Reload syslog-ng configuration">
# <i>/etc/init.d/syslog-ng reload</i>
<comment>(Make sure /var/log/messages has correct permissions)</comment>
# <i>ls -l /var/log/messages</i>
-rw-r----- 1 root logcheck 1694438 Feb 12 12:18 /var/log/messages
</pre> |
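<p>
The <c>ls -l</c> check above verifies one file by hand. The following shell
script is an added example for this page, not part of the guide or of
logcheck: it checks a list of log files and reports both files the logcheck
group cannot read (logcheck would silently miss them) and files that are
readable by everyone (the 0640 permission above exists to prevent that). The
group name <c>logcheck</c> and the example file list are assumptions; adjust
them to your system.
</p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide: verify that the log files
# logcheck has to read are readable by the logcheck group and by nobody else.
# LOGCHECK_GROUP and the files passed on the command line are assumptions.

LOGCHECK_GROUP="${LOGCHECK_GROUP:-logcheck}"

# Print "OWNER GROUP MODE" for a file, parsed from ls -ld so it works with
# both GNU and BSD userland (stat's flags differ between the two).
file_owner_group_mode() {
    ls -ld "$1" | awk '{ print $3, $4, $1 }'
}

# Return 0 if the mode string (e.g. -rw-r-----) grants nothing to "other".
# Characters 8-10 are the "other" bits; an ACL/SELinux suffix is ignored.
mode_not_world_readable() {
    [ "$(printf '%s' "$1" | cut -c8-10)" = "---" ]
}

# Return 0 if the mode string lets the group read the file (character 5).
mode_group_readable() {
    [ "$(printf '%s' "$1" | cut -c5)" = "r" ]
}

# Check one log file; print a verdict and return non-zero on any problem.
check_log_file() {
    f="$1"
    [ -e "$f" ] || { echo "MISSING  $f"; return 1; }
    set -- $(file_owner_group_mode "$f")
    owner="$1"; group="$2"; mode="$3"
    if ! mode_not_world_readable "$mode"; then
        echo "WORLD-READABLE  $f ($owner:$group $mode)"; return 1
    fi
    if [ "$group" != "$LOGCHECK_GROUP" ] || ! mode_group_readable "$mode"; then
        echo "UNREADABLE BY $LOGCHECK_GROUP  $f ($owner:$group $mode)"; return 1
    fi
    echo "OK  $f ($owner:$group $mode)"
}

# Check every file given; exit status is the number of files with problems.
check_all_logs() {
    problems=0
    for f in "$@"; do
        check_log_file "$f" || problems=$((problems + 1))
    done
    return "$problems"
}

# Stand-alone usage: sh check_logs.sh /var/log/messages /var/log/auth.log
if [ "$#" -gt 0 ]; then
    check_all_logs "$@"
fi
```

<p>
Run it after every syslog-ng reload or log rotation, since rotation tools
create the new file with their own owner, group and mode and can undo the
<c>perm(0640)</c> setting shown above.
</p>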

<p>
You should now adjust some basic <c>logcheck</c> settings in
<path>/etc/logcheck/logcheck.conf</path>.
</p>

<pre caption="Basic /etc/logcheck/logcheck.conf setup">
# Controls the level of filtering:
# Can be Set to "workstation", "server" or "paranoid" for different
# levels of filtering. Defaults to server if not set.
<comment>(The workstation level includes server, and server includes paranoid.
The paranoid level filters almost no messages)</comment>
REPORTLEVEL="server"

# Controls the address mail goes to:
# *NOTE* the script does not set a default value for this variable!
# Should be set to an offsite "emailaddress@×××××××××××.tld"
<comment>(Make sure you can receive the logcheck e-mails. Testing is strongly
recommended)</comment>
SENDMAILTO="root"

# Controls if syslog-summary is run over each section.
# Alternatively, set to "1" to enable extra summary.
# HINT: syslog-summary needs to be installed.
<comment>(If you get a lot of similar messages in the logs, you
may want to install app-admin/syslog-summary and enable
this setting)</comment>
SYSLOGSUMMARY=0
</pre> |
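<p>
The following shell script is an added example for this page, not part of
the guide or of logcheck itself. It makes two things from the text concrete:
the Background section's rule that every message is interesting unless a rule
explicitly marks it as noise, and the <c>REPORTLEVEL</c> comment above, where
each level stacks on the previous one (paranoid ignores the least, server adds
more ignore rules, workstation adds more still). The directory names mirror
logcheck's <path>ignore.d.paranoid</path>, <path>ignore.d.server</path> and
<path>ignore.d.workstation</path> layout (an assumption); the ignore rules and
the syslog lines are constructed for the demonstration.
</p>

```shell
#!/bin/sh
# Added example, not part of the Gentoo guide or of logcheck: a miniature of
# logcheck's filtering model. A line is reported unless an ignore rule (an
# extended regex applied with grep -E -v) matches it, and the report levels
# stack: paranoid < server < workstation. Directory layout is an assumption
# modelled on logcheck's ignore.d.*; rules and log lines are constructed.

RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir -p "$RULES/ignore.d.paranoid" "$RULES/ignore.d.server" "$RULES/ignore.d.workstation"

# Constructed ignore rules. Each pattern is anchored to the whole line, so a
# rule cannot accidentally swallow messages it was not written for.
cat > "$RULES/ignore.d.paranoid/cron" <<'EOF'
^[A-Z][a-z]{2} [ 0-9]{2} [0-9:]{8} [^ ]+ cron\[[0-9]+\]: \(root\) CMD \(run-parts /etc/cron\.(hourly|daily)\)$
EOF
cat > "$RULES/ignore.d.server/ssh" <<'EOF'
^[A-Z][a-z]{2} [ 0-9]{2} [0-9:]{8} [^ ]+ sshd\[[0-9]+\]: Accepted publickey for [a-z]+ from [0-9.]+ port [0-9]+ ssh2$
EOF
cat > "$RULES/ignore.d.workstation/postfix" <<'EOF'
^[A-Z][a-z]{2} [ 0-9]{2} [0-9:]{8} [^ ]+ postfix/pickup\[[0-9]+\]: fatal: could not find any active network interfaces$
EOF

# Constructed sample log in syslog format: two lines are routine noise, one is
# a workstation-only annoyance, and two (a segfault and a failed login for a
# non-existent user) should be reported at every level.
sample_log() {
    cat <<'EOF'
Feb 12 12:18:01 localhost cron[1234]: (root) CMD (run-parts /etc/cron.hourly)
Feb 12 12:18:05 localhost sshd[2222]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Feb 12 12:18:09 localhost kernel: [30233.238342] conftest[25838]: segfault at 40 ip 40061403 sp bfc443c4 error 4
Feb 12 12:18:12 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces
Feb 12 12:18:20 localhost sshd[2223]: Failed password for invalid user admin from 203.0.113.9 port 4444 ssh2
EOF
}

# Print the ignore directories that apply to a REPORTLEVEL, lowest level first.
rule_dirs_for_level() {
    case "$1" in
        paranoid)    echo "$RULES/ignore.d.paranoid" ;;
        server)      echo "$RULES/ignore.d.paranoid $RULES/ignore.d.server" ;;
        workstation) echo "$RULES/ignore.d.paranoid $RULES/ignore.d.server $RULES/ignore.d.workstation" ;;
        *)           echo "unknown REPORTLEVEL: $1" >&2; return 1 ;;
    esac
}

# Read log lines on stdin and print only those that no ignore rule matches.
filter_noise() {
    dirs=$(rule_dirs_for_level "$1") || return 1
    patterns=$(mktemp)
    for d in $dirs; do cat "$d"/* >> "$patterns"; done
    # grep exits 1 when every line was filtered out; that is not an error here.
    grep -E -v -f "$patterns" && status=0 || status=$?
    rm -f "$patterns"
    [ "$status" -le 1 ]
}

# Number of lines the sample log would report at a given level.
reported_count() {
    sample_log | filter_noise "$1" | wc -l | tr -d ' '
}

# Stand-alone run: show what each level reports.
for level in paranoid server workstation; do
    echo "== REPORTLEVEL=$level: $(reported_count "$level") interesting line(s)"
    sample_log | filter_noise "$level"
done
```

<p>
The anchoring of every rule to the full line is the part worth copying into
real rules: an unanchored pattern such as <c>sshd.*Accepted</c> would also
hide an "Accepted password" line that you do want to see, and a rule that is
too broad fails silently, because the only symptom is a message that never
reaches your mailbox.
</p>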

<p>
Finally, enable the logcheck cron job.
</p>

<pre caption="Enable logcheck cron job">
<comment>(Edit the cron file and follow the instructions inside)</comment>
# <i>nano -w /etc/cron.hourly/logcheck.cron</i>
</pre>

<note>
For more information about cron read the <uri link="/doc/en/cron-guide.xml">Cron
Guide</uri>.
</note>

<p>
Congratulations! You will now regularly receive the important log messages by
e-mail. An example message looks like this:
</p>

<pre caption="Example logcheck message">
System Events
=-=-=-=-=-=-=
Feb 10 17:13:53 localhost kernel: [30233.238342] conftest[25838]: segfault at 40 ip 40061403 sp bfc443c4 error 4
in libc-2.10.1.so[4003e000+142000]
Feb 11 12:31:21 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces
Feb 11 12:31:22 localhost postfix/master[3776]: warning: process //usr/lib/postfix/pickup pid 18704 exit status 1
Feb 11 12:31:22 localhost postfix/master[3776]: warning: //usr/lib/postfix/pickup: bad command startup -- throttling
</pre>

</body>
</section>
</chapter>
</guide>