Logcheck

From Alpine Linux
Revision as of 18:56, 1 February 2025 by Jarp

Logcheck is a simple tool which scans logfiles and emails reports of unrecognized entries.

Installing

apk add logcheck grep perl-mime-construct run-parts

At the moment grep and run-parts must be manually installed, otherwise logcheck won't work. Work is being done to remove these dependencies.

Additionally, while technically not required, perl-mime-construct is needed for email reports.

Configuration

The default configuration in /etc/logcheck/logcheck.conf is quite a good starting point. It is meant for servers and will email reports to "logcheck" (this should be changed if your mail configuration won't deliver such emails to the desired destination).

Log files to be scanned are configured in /etc/logcheck/logcheck.logfiles.d. You may want to comment out "journal" in journal.logfiles, as we are not using systemd, and modify syslog.logfiles to include /var/log/messages:

Contents of /etc/logcheck/logcheck.logfiles.d/journal.logfiles

#journal


Contents of /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

#/var/log/syslog
#/var/log/auth.log
/var/log/messages
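
As an added example (not part of the original wiki page or of logcheck itself), the following shell function audits the log file lists described above: it reports each active entry, flags an enabled "journal" entry or an unreadable path, and fails when no entry is active at all, which is what happens if all three syslog.logfiles entries end up on one commented line. The function name check_logfiles and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the *.logfiles lists that logcheck reads.
# check_logfiles [DIR] prints one line per active (uncommented) entry:
#   OK <path>        the file exists and is readable by the current user
#   MISSING <path>   the entry points at nothing readable
#   JOURNAL <list>   "journal" is still enabled (Alpine does not use systemd)
#   EMPTY <dir>      no active entry at all, so nothing would be scanned
# Returns 0 only when every active entry is OK.
# Assumption: one entry per line, "#" starts a comment line.
check_logfiles() {
    dir=${1:-/etc/logcheck/logcheck.logfiles.d}
    rc=0
    active=0
    for list in "$dir"/*.logfiles; do
        [ -f "$list" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # Trim surrounding whitespace before classifying the line.
            entry=$(printf '%s\n' "$line" |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
            case $entry in
                ''|'#'*) continue ;;   # blank line or comment
            esac
            active=$((active + 1))
            if [ "$entry" = journal ]; then
                echo "JOURNAL ${list##*/}"; rc=1
            elif [ -r "$entry" ]; then
                echo "OK $entry"
            else
                echo "MISSING $entry"; rc=1
            fi
        done < "$list"
    done
    if [ "$active" -eq 0 ]; then
        echo "EMPTY $dir"; rc=1
    fi
    return "$rc"
}
```

Call check_logfiles with no argument to audit /etc/logcheck/logcheck.logfiles.d. Run it as the account that runs logcheck, because the readability test reflects the current user's permissions.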


Scheduling