Gentoo Archives: gentoo-doc-cvs

From: "Joshua Saddler (nightmorph)" <nightmorph@g.o>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] gentoo commit in xml/htdocs/doc/en: logcheck.xml metadoc.xml
Date: Tue, 13 Jul 2010 20:29:09
Message-Id: 20100713202906.6634C2CE14@corvid.gentoo.org
1 nightmorph 10/07/13 20:29:06
2
3 Modified: metadoc.xml
4 Added: logcheck.xml
5 Log:
6 add a new guide on logcheck, thanks to phajdan.jr. bug 322223.
7
8 Revision Changes Path
9 1.233 xml/htdocs/doc/en/metadoc.xml
10
11 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.233&view=markup
12 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.233&content-type=text/plain
13 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/metadoc.xml?r1=1.232&r2=1.233
14
15 Index: metadoc.xml
16 ===================================================================
17 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
18 retrieving revision 1.232
19 retrieving revision 1.233
20 diff -u -r1.232 -r1.233
21 --- metadoc.xml 13 Jul 2010 20:20:54 -0000 1.232
22 +++ metadoc.xml 13 Jul 2010 20:29:06 -0000 1.233
23 @@ -1,8 +1,8 @@
24 <?xml version="1.0" encoding="UTF-8"?>
25 <!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
26 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.232 2010/07/13 20:20:54 nightmorph Exp $ -->
27 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.233 2010/07/13 20:29:06 nightmorph Exp $ -->
28 <metadoc lang="en">
29 - <version>1.154</version>
30 + <version>1.155</version>
31 <members>
32 <lead>neysx</lead>
33 <member>cam</member>
34 @@ -375,6 +375,7 @@
35 <file id="openrc-migration">/doc/en/openrc-migration.xml</file>
36 <file id="multipath">/doc/en/multipath.xml</file>
37 <file id="bind-guide">/doc/en/bind-guide.xml</file>
38 + <file id="logcheck">/doc/en/logcheck.xml</file>
39 <file id="devmanual">/proj/en/qa/devmanual.xml</file>
40 </files>
41 <docs>
42 @@ -1106,5 +1107,8 @@
43 <doc fileid="texlive-migration-guide">
44 <memberof>upgrade</memberof>
45 </doc>
46 + <doc fileid="logcheck">
47 + <memberof>sysadmin_specific</memberof>
48 + </doc>
49 </docs>
50 </metadoc>
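Review bot: the `fileid="logcheck"` referenced in this new `<doc>` entry resolves against the `<file id="logcheck">` added in the `<files>` hunk of the same diff, so the cross-reference is consistent; the single `<memberof>sysadmin_specific</memberof>` matches the pattern of the adjacent `texlive-migration-guide` entry. Confirm that one category is the intended placement for the guide, since the other `<docs>` entries visible here also carry exactly one membership and nothing in this hunk suggests a second was considered.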
51
52
53
54 1.1 xml/htdocs/doc/en/logcheck.xml
55
56 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.1&view=markup
57 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/doc/en/logcheck.xml?rev=1.1&content-type=text/plain
58
59 Index: logcheck.xml
60 ===================================================================
61 <?xml version='1.0' encoding='UTF-8'?>
62 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
63 <!-- $Header $ -->
64
65 <guide>
66 <title>Logcheck Guide</title>
67
68 <author title="Author">
69 <mail link="phajdan.jr"/>
70 </author>
71 <author title="Editor">
72 <mail link="nightmorph"/>
73 </author>
74
75 <abstract>
76 This guide shows you how to analyze system logs with logcheck.
77 </abstract>
78
79 <!-- The content of this document is licensed under the CC-BY-SA license -->
80 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
81 <license/>
82
83 <version>1</version>
84 <date>2010-07-13</date>
85
86 <chapter>
87 <title>Getting Started With logcheck</title>
88 <section>
89 <title>Background</title>
90 <body>
91
92 <p>
93 <c>logcheck</c> is an updated version of <c>logsentry</c> (from the
94 <c>sentrytools</c> package), a tool for analyzing the system logs.
95 Additionally, <c>logcheck</c> comes with a built-in database of common,
96 uninteresting log messages to filter out the noise. The general idea of the
97 tool is that all messages are interesting, except the ones explicitly marked as
98 noise. <c>logcheck</c> periodically sends you an e-mail with a summary of the
99 interesting messages.
100 </p>
101
102 </body>
103 </section>
104 <section>
105 <title>Installing logcheck</title>
106 <body>
107
108 <impo>
109 It is strongly recommended that you remove logsentry if it is installed on
110 your system. Additionally, you should remove /etc/logcheck to avoid permission
111 and file collision problems.
112 </impo>
113
114 <pre caption="Removing logsentry">
115 <comment>(Uninstall the logsentry package)</comment>
116 # <i>emerge -C logsentry</i>
117 <comment>(Remove leftover files)</comment>
118 # <i>rm -rf /etc/logcheck</i>
119 </pre>
120
121 <p>
122 Now you can proceed with the installation of logcheck.
123 </p>
124
125 <pre caption="Installing logcheck">
126 # <i>emerge -av app-admin/logcheck</i>
127 </pre>
128
129 </body>
130 </section>
131 <section>
132 <title>Basic configuration</title>
133 <body>
134
135 <p>
136 <c>logcheck</c> creates a separate user "logcheck" so that it does not run as
137 root; in fact, it refuses to run as root. To allow it to analyze the logs,
138 you need to make sure they are readable by the logcheck user. Here is an example
139 for <c>syslog-ng</c>:
140 </p>
141
142 <pre caption="/etc/syslog-ng/syslog-ng.conf snippet">
143 options {
144 owner(root);
145
146 <comment>(Make log files group-readable by logcheck)</comment>
147 group(logcheck);
148 perm(0640);
149 };
150 </pre>
151
152 <p>
153 Now reload the configuration and make sure the changes work as expected.
154 </p>
155
156 <pre caption="Reload syslog-ng configuration">
157 # <i>/etc/init.d/syslog-ng reload</i>
158 <comment>(Make sure /var/log/messages has correct permissions)</comment>
159 # <i>ls -l /var/log/messages</i>
160 -rw-r----- 1 root logcheck 1694438 Feb 12 12:18 /var/log/messages
161 </pre>
162
163 <p>
164 You should now adjust some basic <c>logcheck</c> settings in
165 <path>/etc/logcheck/logcheck.conf</path>.
166 </p>
167
168 <pre caption="Basic /etc/logcheck/logcheck.conf setup">
169 # Controls the level of filtering:
170 # Can be Set to "workstation", "server" or "paranoid" for different
171 # levels of filtering. Defaults to server if not set.
172 <comment>(The workstation level applies all server rules as well as its own,
173 and server applies all paranoid rules. The paranoid level filters almost no messages)</comment>
174 REPORTLEVEL="server"
175
176 # Controls the address mail goes to:
177 # *NOTE* the script does not set a default value for this variable!
178 # Should be set to an offsite "emailaddress@×××××××××××.tld"
179 <comment>(Make sure you can receive the logcheck e-mails. Testing is strongly
180 recommended)</comment>
181 SENDMAILTO="root"
182
183 # Controls if syslog-summary is run over each section.
184 # Alternatively, set to "1" to enable extra summary.
185 # HINT: syslog-summary needs to be installed.
186 <comment>(If you get a lot of similar messages in the logs, you
187 may want to install app-admin/syslog-summary and enable
188 this setting)</comment>
189 SYSLOGSUMMARY=0
190 </pre>
191
192 <p>
193 Finally, enable the logcheck cron job.
194 </p>
195
196 <pre caption="Enable logcheck cron job">
197 <comment>(Edit the cron file and follow the instructions inside)</comment>
198 # <i>nano -w /etc/cron.hourly/logcheck.cron</i>
199 </pre>
200
201 <note>
202 For more information about cron read the <uri link="/doc/en/cron-guide.xml">Cron
203 Guide</uri>.
204 </note>
205
206 <p>
207 Congratulations! You will now regularly receive the important log messages by
208 e-mail. An example message looks like this:
209 </p>
210
211 <pre caption="Example logcheck message">
212 System Events
213 =-=-=-=-=-=-=
214 Feb 10 17:13:53 localhost kernel: [30233.238342] conftest[25838]: segfault at 40 ip 40061403 sp bfc443c4 error 4
215 in libc-2.10.1.so[4003e000+142000]
216 Feb 11 12:31:21 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces
217 Feb 11 12:31:22 localhost postfix/master[3776]: warning: process //usr/lib/postfix/pickup pid 18704 exit status 1
218 Feb 11 12:31:22 localhost postfix/master[3776]: warning: //usr/lib/postfix/pickup: bad command startup -- throttling
219 </pre>
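The filtering model from the Background section and the REPORTLEVEL hierarchy from the logcheck.conf snippet, as an added example that is not part of the guide and not code from the logcheck project. It re-implements the rule-matching idea in Python: ignore rules are grouped by level, a higher level applies every lower level's rules, and whatever no rule matches is reported. The ignore patterns and most of the sample log lines are constructed for this example; the segfault and postfix lines are the ones from the example message above. It shows why the default-deny stance matters: the constructed "Failed password" line is reported at every level because nobody wrote a rule marking it as noise.

```python
"""Model of logcheck's default-deny log filtering.

Added example, not code from the Logcheck Guide or from the logcheck
project: it re-implements the rule-matching idea in Python so that the
effect of REPORTLEVEL can be seen on a handful of constructed log lines.
"""
import re

# Report levels, from the one that filters least to the one that filters most.
# logcheck keeps its ignore rules in ignore.d.paranoid, ignore.d.server and
# ignore.d.workstation; a higher level also applies every lower level's rules,
# which is what the guide means by "workstation includes server, and server
# includes paranoid".
LEVELS = ("paranoid", "server", "workstation")

# Common syslog prefix: "Feb 11 12:31:21 localhost ".
PREFIX = r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ "

# Ignore rules constructed for this example (NOT the project's rule database).
# Anything a rule matches is treated as noise and dropped from the report.
IGNORE_RULES = {
    "paranoid": [
        PREFIX + r"sshd\[\d+\]: Accepted publickey for \S+ from \S+ port \d+ ssh2$",
    ],
    "server": [
        PREFIX + r"cron\[\d+\]: \(root\) CMD \(.*\)$",
    ],
    "workstation": [
        PREFIX + r"kernel: \[ *\d+\.\d+\] usb \d+-\d+: new .* USB device number \d+ using \S+$",
    ],
}

# Constructed sample log. The segfault and postfix lines are the ones shown
# in the guide's example message; the other lines are made up for this example.
SAMPLE_LOG = [
    "Feb 11 09:00:01 localhost cron[2201]: (root) CMD (run-parts /etc/cron.hourly)",
    "Feb 11 09:01:12 localhost sshd[2210]: Accepted publickey for admin from 192.0.2.10 port 52114 ssh2",
    "Feb 11 09:02:40 localhost kernel: [30101.101010] usb 1-2: new high-speed USB device number 4 using ehci_hcd",
    "Feb 11 09:03:05 localhost sshd[2230]: Failed password for invalid user oracle from 198.51.100.7 port 41022 ssh2",
    "Feb 10 17:13:53 localhost kernel: [30233.238342] conftest[25838]: segfault at 40 ip 40061403 sp bfc443c4 error 4 in libc-2.10.1.so[4003e000+142000]",
    "Feb 11 12:31:21 localhost postfix/pickup[18704]: fatal: could not find any active network interfaces",
]


def rules_for_level(level):
    """Compile the ignore rules active at REPORTLEVEL=level (its own rules plus all lower levels')."""
    if level not in LEVELS:
        raise ValueError(f"unknown REPORTLEVEL {level!r}; expected one of {LEVELS}")
    active = LEVELS[: LEVELS.index(level) + 1]
    return [re.compile(p) for lvl in active for p in IGNORE_RULES[lvl]]


def report(lines, level="server"):
    """Return the lines logcheck would mail: every line that no ignore rule matches.

    This is the default-deny stance the guide describes: a message is
    interesting unless explicitly marked as noise, so an unfamiliar event
    surfaces in the mail even though nobody wrote a rule for it.
    """
    rules = rules_for_level(level)
    return [line for line in lines if not any(r.search(line) for r in rules)]


def format_report(lines, level="server"):
    """Render the report the way the guide's example message looks; an empty string means nothing to mail."""
    events = report(lines, level)
    if not events:
        return ""
    return "System Events\n=-=-=-=-=-=-=\n" + "\n".join(events) + "\n"


if __name__ == "__main__":
    for lvl in LEVELS:
        print(f"--- REPORTLEVEL={lvl}: {len(report(SAMPLE_LOG, lvl))} line(s) reported")
        print(format_report(SAMPLE_LOG, lvl))
```

Running it at the three levels reports six, five and three lines respectively: "paranoid" drops only the accepted-login line, "server" also drops the cron noise, and "workstation" additionally drops the USB hotplug message, while the failed login, the segfault and the postfix failure are never filtered. When tuning a real installation, add a rule only after deciding a message class is genuinely noise, since every pattern you add is a message class that will no longer reach you.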
220
221 </body>
222 </section>
223 </chapter>
224 </guide>