Logcheck(8)                                                        Logcheck(8)

NAME

       logcheck - program to scan system logs for interesting lines

SYNOPSIS

       logcheck [ OPTIONS ]

DESCRIPTION

       The logcheck program helps spot problems and security violations in
       your logfiles automatically and will send the results to you
       periodically in an e-mail. By default logcheck runs as an hourly
       cronjob just off the hour and after every reboot.

       logcheck supports three levels of filtering: "paranoid" is for
       high-security machines running as few services as possible. Don't use
       it if you can't handle its verbose messages. "server" is the default
       and contains rules for many different daemons. "workstation" is for
       sheltered machines and filters most of the messages. The ignore rules
       work in an additive manner. "paranoid" rules are also included at
       level "server". "workstation" level includes both "paranoid" and
       "server" rules.

       The messages reported are sorted into three layers: system events,
       security events and attack alerts. The verbosity of system events is
       controlled by which level you choose: paranoid, server or workstation.
       However, security events and attack alerts are not affected by this.

EXAMPLES

       logcheck can be invoked directly thanks to su(8) or sudo(8), which
       change the user ID. The following example checks the logfiles without
       updating the offset and outputs everything to STDOUT.

       sudo -u logcheck logcheck -o -t
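
       The additive levels from DESCRIPTION, modelled in a short script. This
       is an added illustration, not logcheck's own code: the directory names
       mirror logcheck's rule layout, while the rules, the log lines and the
       setup_demo, security_events and system_events helpers are constructed.

```shell
#!/bin/sh
# Simplified model of logcheck's additive levels; not logcheck's own code.
# Directory names mirror logcheck's rule layout; all rules and log lines
# below are constructed. Attack alerts are left out to keep the model short.
LEVELS="paranoid server workstation"

# setup_demo DIR: write constructed rules and a constructed log under DIR.
setup_demo() {
    d=$1
    mkdir -p "$d/violations.d"
    for l in $LEVELS; do mkdir -p "$d/ignore.d.$l"; done
    printf '%s\n' 'cron\[[0-9]+]: .*session (opened|closed)' > "$d/ignore.d.paranoid/cron"
    printf '%s\n' 'ntpd\[[0-9]+]: synchronized to' > "$d/ignore.d.server/ntpd"
    printf '%s\n' 'dhclient\[[0-9]+]: DHCPACK' > "$d/ignore.d.workstation/dhclient"
    printf '%s\n' 'authentication failure' > "$d/violations.d/auth"
    cat > "$d/sample.log" <<'EOF'
May  3 10:00:01 host cron[101]: pam_unix(cron:session): session opened for user root
May  3 10:00:02 host ntpd[202]: synchronized to 192.0.2.1, stratum 2
May  3 10:00:03 host dhclient[303]: DHCPACK from 192.0.2.254
May  3 10:00:04 host sshd[404]: pam_unix(sshd:auth): authentication failure; user=test
May  3 10:00:05 host kernel: eth0: link down
EOF
}

# security_events DIR: lines matching violations.d; the level plays no part.
security_events() {
    cat "$1"/violations.d/* > "$1/violations.rules"
    grep -E -f "$1/violations.rules" "$1/sample.log"
}

# system_events DIR LEVEL: drop lines already reported as security events,
# then drop lines matching the ignore rules of every level up to LEVEL.
system_events() {
    cat "$1"/violations.d/* > "$1/active.rules"
    for l in $LEVELS; do
        cat "$1/ignore.d.$l"/* >> "$1/active.rules"
        if [ "$l" = "$2" ]; then break; fi
    done
    grep -E -v -f "$1/active.rules" "$1/sample.log"
}

demo=$(mktemp -d)
setup_demo "$demo"
for level in $LEVELS; do
    echo "$level: $(system_events "$demo" "$level" | wc -l) system event(s)," \
         "$(security_events "$demo" | wc -l) security event(s)"
done
rm -rf "$demo"
```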

OPTIONS

       A summary of options is included below.

       -c CFG Overrule default configuration file.

       -d     Debug mode.

       -h     Show usage information.

       -H     Use this hostname string in the subject of logcheck mail.

       -l LOG Run logfile through logcheck.

       -L CFG Overrule default logfiles list.

       -D DIR Overrule default logfiles lists directory.

       -m     Mail report to recipient.

       -o     STDOUT mode, not sending mail.

       -p     Set the report level to "paranoid".

       -r DIR Overrule default rules directory.

       -R     Adds "Reboot:" to the email subject line.

       -s     Set the report level to "server".

       -S DIR Overrule default state directory.

       -t     Testing mode does not update offset.

       -T     Do not remove the TMPDIR.

       -u     Enable syslog-summary.

       -v     Print current version.

       -w     Set the report level to "workstation".

FILES

       /etc/logcheck/logcheck.conf is the main configuration file.

       /etc/logcheck/logcheck.logfiles is the list of files to monitor.

       /etc/logcheck/logcheck.logfiles.d is the directory of lists of files to
       monitor.

       /usr/share/doc/logcheck-database/README.logcheck-database.gz for hints
       on how to write, test and maintain rules.

EXIT STATUS

       0 upon success; 1 upon failure

SEE ALSO

       logtail(8)

AUTHOR

       logcheck is developed by Debian logcheck Team at alioth:
       http://alioth.debian.org/projects/logcheck/.

       This manual page was written by Jon Middleton.

                                  May 3, 2005                      Logcheck(8)