Creating new logwatch service or scripts

From Notes_Wiki
Revision as of 12:01, 12 August 2018 by Saurabh

Creating service configuration file

To receive log messages from a remote host in the logwatch email, set up a service for that host's messages. First, create a service_name.conf file in the folder /etc/logwatch/conf/services. The only required line in this configuration file is the LogFile = directive. Use LogFile = messages. It is important to have a space between LogFile and '=' and between '=' and messages. Note that messages is specified not because the file is /var/log/messages but because /var/log/messages belongs to the messages log group.

Contents of sample file "asa.conf"

LogFile = messages

Sample logwatch service configuration file is rsyslog asa.conf-2009-10-14.txt.


Creating service script file

Next, create a filter script that, when given the log file on standard input, prints only the relevant output on standard output. Filter scripts must be kept in the /etc/logwatch/scripts/services directory, and the script name must be service_name. The file must also be executable, so if it is a shell script, do not forget to run chmod +x on it. The filter does not have to be a bash script; it can also be a C program or a Python script. The log group is named in the service configuration file, and the log group configuration file contains the names of the log files inside that log group. For example, the log group `messages' contains the log file `/var/log/messages'. The script is given the entire log files as standard input, and its standard output is sent as the log report.

So if you want the entire log file to be sent as the log report, the script file can contain just one `cat' command without any arguments. If you want only lines containing the word ASA to be sent in the log report, the script file can contain the single line 'grep ASA'.
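A fuller filter than the one-line 'grep ASA', given here as an added example that is not part of the original wiki page: it counts matching lines per message tag and strips control characters from the remote hosts' log text before it reaches the mailed report. The %ASA-<severity>-<id> tag format, the function name asa_filter and the install name asa are assumptions.

```shell
#!/bin/sh
# Added example: filter for a hypothetical logwatch service named "asa".
# Assumed install path: /etc/logwatch/scripts/services/asa (chmod +x).

asa_filter() {
    # Log text from remote hosts is untrusted. Strip control bytes (tab
    # and newline are kept) so a crafted message cannot carry terminal
    # escape sequences into the mailed report.
    # Assumption: device lines carry a %ASA-<severity>-<id> tag.
    matched=$(LC_ALL=C tr -d '\000-\010\013-\037\177' |
              LC_ALL=C grep -E '%ASA-[0-7]-[0-9]+') || return 0
    # Reaching here means at least one line matched; with no match the
    # function has already returned without printing anything.

    echo "Messages per severity-id tag:"
    printf '%s\n' "$matched" | grep -oE '%ASA-[0-7]-[0-9]+' |
        sort | uniq -c | sort -rn

    # logwatch exports LOGWATCH_DETAIL_LEVEL (0 low, 5 med, 10 high).
    if [ "${LOGWATCH_DETAIL_LEVEL:-0}" -ge 10 ]; then
        pattern='%ASA-[0-7]-'    # high detail: every tagged line
    else
        pattern='%ASA-[0-3]-'    # otherwise severities 0-3 only
    fi
    lines=$(printf '%s\n' "$matched" | grep -E "$pattern") || return 0
    echo
    echo "Lines shown at this detail level:"
    printf '%s\n' "$lines"
}

# Act as the filter only when run under the service name, so the file
# can also be sourced for testing without reading stdin.
case "$0" in
    */asa|asa) asa_filter ;;
esac
```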



All the current logwatch scripts, configuration files and service files are located in the '/usr/share/logwatch-<ver>' directory. We can refer to these config files, service files etc. to create new files.

Read /usr/share/doc/logwatch-.*/HOWTO-Customize-LogWatch for more details than are given above.