Log redirection and analysis

Redirecting system logs to a remote secure server. /etc/syslog.conf for remote logging:

# Send all messages to remote system "loghost"
*.*		@loghost

The "loghost" should be a machine host name. On the loghost, syslogd daemon should run with "-r" option, syslogd -r (modify /etc/init.d/sysklogd: SYSLOGD="-r")

Logs can be analysed with logwatch.

/usr/sbin/logwatch --help

Example:

/usr/sbin/logwatch --detail High --range Today --print