1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
Sections of this file:
- Customizing the configuration
- More specific ranges
- access.log parsing - service http
- Getting fortunes in your language
- Howto modify a filter
- Logwatch runs daily for range yesterday by default
Customizing the configuration:
==============================
Please read the documentation in
/usr/share/doc/logwatch/HOWTO-Customize-LogWatch.gz.
For modifying a filter also read the last section in this file.
More specific ranges:
====================
Logwatch's range parameter supports a lot of range options if you apt-get
install libdate-manip-perl (Date::Manip in Perl terms). Type
logwatch --range Help
for more information.
Problems with getting logwatch messages through your MTA
========================================================
Logwatch may not always produce e-mails that strictly conform to all SMTP/Mail
related RFCs. Some MTAs reject these messages. Many of these problems can be
worked around by adding the "--encode base64" option to logwatch's command line
(in /etc/cron.daily/00logwatch for the daily invocation by cron). Note however,
that base64 encoding increases the mail size by about a factor of 1.33.
access.log parsing - service http:
==================================
Since 6.1.2, there is a new format for specifying the logfile format.
I could only test it for apache2. If it doesn't work for your webserver,
please submit a bugreport with some LogLines.
Getting fortunes in your language
=================================
If you want to see fortunes in your favourite language, you need to pass a
valid LC_ALL setting to logwatch. If you don't use a valid (read: enabled by
dpkg-reconfigure locales) value, logwatch (perl) will complain. To pass that
setting in the automatic daily run, you need to modify
/etc/cron.daily/00logwatch
Howto modify a filter:
======================
Option #1:
----------
copy the filterscript from /usr/share/logwatch/scripts to
/etc/logwatch/scripts, preserving the hierarchy. Then modfiy it. The
disadvantage is that you will not be able to track upstream changes. Please
read more in /usr/share/doc/logwatch/HOWTO-Customize-LogWatch.gz
Option #2:
----------
patch the source, rebuild. This might be the better option if you have many
machines to maintain.
The steps required are:
(This is meant to be short HOWTO, just in case you've never modified the
source of a debian package before)
- download the source
$ apt-get source logwatch
- cd to source dir
$ cd logwatch-$version
- make the modifications
$ $EDITOR $filetochange
- Add your changes to debian/patches/ with dpkg-source
$ dpkg-source --commit
This asks for a patch name and opens an editor to edit the patch
meta-information. You are not required to change anything in order to
continue, though.
- Increment the version number
$ dch -i
you get an editor with debian/changelog. Modify the version number so it's
only slightly larger than the current debian version (e.g. 5.2.2-2 =>
5.2.2-2.0.0.1)
- build the package, eg:
$ dpkg-buildpackage -rfakeroot
or
$ debuild
- install the package (requires root privileges)
$ debi
or
$ dpkg -i ../logwatch_$version.deb
Logwatch runs daily for range yesterday by default
==================================================
If you don't want that, simply delete /etc/cron.daily/00logwatch or modify it.
New versions of this package will preserve this change, thanks to dpkg's
configuration file handling.
|
