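Logwatch, as the name suggests, is a tool dedicated to monitoring Linux log files. Once installed, a little configuration is enough to have it e-mail a daily analysis of the host's logs to a specified address. Why do this? It spares the administrator the tedium of checking logs one by one by hand, saving time and effort, and the reports arrive reliably every day (or even more often), so you keep track of the server's security state.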

The following installation method is for apt-based Linux distributions (such as Debian and Ubuntu).
Run the command: apt-get install logwatch
   netren:~# apt-get install logwatch
   Reading package lists... Done
   Building dependency tree
   Reading state information... Done
   The following extra packages will be installed:
     libdate-manip-perl
   Suggested packages:
     fortune-mod
   The following NEW packages will be installed:
     libdate-manip-perl logwatch
   0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
   Need to get 499kB of archives.
   After this operation, 2871kB of additional disk space will be used.
   Do you want to continue [Y/n]?y (press y to continue and finish the installation)

The installed version is logwatch 7.3.6, and the following files are created on the system:
/etc/logwatch                                           (Logwatch directory)
/etc/cron.daily/00logwatch                              (automatically created cron job; the system runs the daily log check from this entry)
/usr/sbin/logwatch                                      (logwatch command)
/usr/share/logwatch/                                    (where the program is installed)
/usr/share/logwatch/scripts/logwatch.pl                 (main logwatch script)
/usr/share/logwatch/default.conf/services/sshd.conf     (handling of sshd logs)
/usr/share/logwatch/default.conf/services/sshd2.conf
/usr/share/logwatch/default.conf/services/stunnel.conf
...........
/usr/share/logwatch/dist.conf/logfiles
/usr/share/logwatch/dist.conf/logwatch.conf             (logwatch configuration file)

Configuring logwatch:
vim /usr/share/logwatch/dist.conf/logwatch.conf
Find MailTo = and change it to your actual e-mail address, for example MailTo = guo@netren.org
Detail = sets the detail level; 10, the highest, is recommended.

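Save and quit with :wq. By default logwatch runs once a day (cron.daily). You can of course also run it immediately from the command line:
netren:~# /usr/sbin/logwatch --mailto your-email-address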

This article comes from the Netren community: www.netren.org
The following installation method applies to all RPM-based Linux distributions (such as Red Hat and CentOS).

First, look up the latest version of logwatch on the official Logwatch site (currently 7.3.6-1).

 http://sourceforge.net/settings/mirror_choices?projectname=logwatch&filename=logwatch-7.3.6-1.noarch.rpm

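Check whether Logwatch is already present on your host (Red Hat installs Logwatch by default, though in a rather old version):

rpm -qa logwatch  (check whether the package is installed)

If the host does not have logwatch, run:

rpm -ivh logwatch-7.3.6-1.noarch.rpm  (install)

If an older version of logwatch is present, run:

rpm -Uvh logwatch-7.3.6-1.noarch.rpm  (upgrade)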

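Once installation is complete, configure logwatch:

vim /etc/log.d/conf/logwatch.conf

Find MailTo = and change it to your actual e-mail address, for example MailTo = www@netren.org
Detail = sets the detail level; 10, the highest, is recommended.
Save and quit with :wq. By default logwatch runs once a day (cron.daily). We can of course also run the logwatch command manually: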

perl /etc/log.d/scripts/logwatch.pl
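
To confirm that the edit took effect before waiting for the next daily run, the shell sketch below (an added example, not part of the original article or of Logwatch itself) reads the effective MailTo and Detail values from whichever logwatch.conf was edited in the apt or RPM procedure above and flags a recipient that is not an e-mail address or a Detail below the recommended 10. The function names are hypothetical; it assumes a later assignment in the file overrides an earlier one and that key names are matched case-insensitively.

```shell
#!/bin/sh
# Added example: audit the two settings the article changes in logwatch.conf.

# Print the last value assigned to KEY in FILE. Assumption: later lines win,
# comment lines are skipped, and the key is compared case-insensitively.
logwatch_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$1"
}

# Map a Detail value to a number: Low/Med/High are the names for 0/5/10.
# Anything else that is not a plain number is reported as -1.
detail_level() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        low) echo 0 ;; med) echo 5 ;; high) echo 10 ;;
        ''|*[!0-9]*) echo -1 ;;
        *) echo "$1" ;;
    esac
}

# Return 0 only if MailTo looks like an e-mail address and Detail is at least 10.
check_logwatch_conf() {
    mailto=$(logwatch_setting "$1" MailTo)
    detail=$(detail_level "$(logwatch_setting "$1" Detail)")
    rc=0
    case "$mailto" in
        *@*) ;;
        *) echo "MailTo is '$mailto', not an e-mail address" >&2; rc=1 ;;
    esac
    if [ "$detail" -lt 10 ]; then
        echo "Detail is below 10 (parsed as $detail)" >&2; rc=1
    fi
    return $rc
}

# Usage: sh this-script /path/to/logwatch.conf
if [ -n "${1:-}" ]; then check_logwatch_conf "$1"; fi
```
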


  Source: http://www.netren.org/index.php/jeffreyguo/241-linux-logwatch.html