Log redirection and analysis

  • System logs can be redirected to a remote secure server. Entry in /etc/syslog.conf for remote logging:
    # Send all messages to remote system "loghost"
    *.*		@loghost
    

  • "loghost" should be a machine host name. On the loghost, the syslogd daemon should run with the "-r" option: syslogd -r (modify /etc/init.d/sysklogd: SYSLOGD="-r").

  • Logs can be analysed with logwatch.
    /usr/sbin/logwatch --help
    
    Example:
    /usr/sbin/logwatch --detail High --range Today --print
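
One way to check both ends of the remote-logging setup above, as an added example that is not part of the original page. The function names are this example's own, the sample files are constructed, and it assumes the SYSLOGD="..." line format shown above.

```shell
#!/bin/sh
# Added example: audit the remote-logging setup described on this page.
# Paths are passed as arguments so copies of the files can be checked.

# Print "selector host" for every rule whose action forwards to a remote host (@host).
remote_targets() {
    awk '$1 !~ /^#/ && NF >= 2 && $NF ~ /^@./ { print $1, substr($NF, 2) }' "$1"
}

# Succeed if every message (*.*) is forwarded to host $2 in syslog.conf $1.
forwards_all_to() {
    remote_targets "$1" | grep -Fqx "*.* $2"
}

# Succeed if the SYSLOGD= line in init script $1 carries the -r option.
accepts_remote() {
    grep -Eq '^[[:space:]]*SYSLOGD="([^"]*[[:space:]])?-r([[:space:]][^"]*)?"' "$1"
}

# Report on a client config ($1), a loghost init script ($2) and the expected host ($3).
audit() {
    rc=0
    if forwards_all_to "$1" "$3"; then echo "client: *.* -> $3"
    else echo "client: no '*.* @$3' rule in $1"; rc=1; fi
    if accepts_remote "$2"; then echo "loghost: syslogd -r is set"
    else echo "loghost: SYSLOGD lacks -r, remote messages are not accepted"; rc=1; fi
    return $rc
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '# Send all messages to remote system "loghost"\n*.*\t\t@loghost\n' > "$demo_dir/syslog.conf"
printf 'SYSLOGD="-r"\n' > "$demo_dir/sysklogd.good"
printf 'SYSLOGD=""\n' > "$demo_dir/sysklogd.bad"

audit "$demo_dir/syslog.conf" "$demo_dir/sysklogd.good" loghost
audit "$demo_dir/syslog.conf" "$demo_dir/sysklogd.bad" loghost || true
```

On a real pair of machines, call audit with /etc/syslog.conf from the client and /etc/init.d/sysklogd from the loghost.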
    
