Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

2026-01-17T07:07:07Z

Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

← Older revision		Revision as of 07:07, 17 January 2026
Line 1:		Line 1:
	[[Category:Wiki]]		[[Category:Wiki]]

			'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''


	== Command Usage ==		== Command Usage ==

Admin: Created page with "Category:Wiki == Command Usage == To use `logcheck`, the following basic syntax is applied: logcheck [options] Where `[options]` can vary based on the user’s preferences and the log files to be checked. == Main Options == * -s, --sendmail: This option sends the output via email to a specified recipient. * -c, --config : Specifies a custom configuration file instead..."

2025-12-14T08:40:17Z

Created page with "Category:Wiki == Command Usage == To use `logcheck`, the following basic syntax is applied: <nowiki> logcheck [options]</nowiki> Where `[options]` can vary based on the user’s preferences and the log files to be checked. == Main Options == * <nowiki>-s</nowiki>, <nowiki>--sendmail</nowiki>: This option sends the output via email to a specified recipient. * <nowiki>-c</nowiki>, <nowiki>--config</nowiki> <path>: Specifies a custom configuration file instead..."

New page

[[Category:Wiki]]

== Command Usage ==
To use `logcheck`, the following basic syntax is applied:

<nowiki>
logcheck [options]</nowiki>

Where `[options]` can vary based on the user’s preferences and the log files to be checked.

== Main Options ==

* <nowiki>-s</nowiki>, <nowiki>--sendmail</nowiki>: This option sends the output via email to a specified recipient.
* <nowiki>-c</nowiki>, <nowiki>--config</nowiki> <path>: Specifies a custom configuration file instead of the default one.
* <nowiki>-f</nowiki>, <nowiki>--filter</nowiki> <filter_name>: Uses a specific filter for parsing logs.
* <nowiki>-t</nowiki>, <nowiki>--test</nowiki>: Runs the logcheck program in test mode without sending any emails or making any changes.
* <nowiki>-i</nowiki>, <nowiki>--ignore</nowiki> <filename>: Ignores the logs in the specified file.
* <nowiki>-h</nowiki>, <nowiki>--help</nowiki>: Displays a help message with available options.

== Configuration File ==

The main configuration file for `logcheck` is located at `/etc/logcheck/logcheck.conf`. This file controls the general behavior and filtering rules that `logcheck` applies to logs. Key options in this file include:

* **MAILTO**: Defines the email address to which log summaries will be sent.
* **LOGCHECK_RE**: Sets the regular expression filters used to detect suspicious activity.
* **LOGCHECK\_FILTER**: Specifies a default filter to apply to the log files.

An example of a basic configuration entry in `/etc/logcheck/logcheck.conf`:

<nowiki>
# Define recipient email address for logcheck alerts
MAILTO="admin@example.com"

# Set the filter type to "security"
LOGCHECK_FILTER="security"</nowiki>

== Filtering Logs ==

`logcheck` uses regular expressions (regex) to filter through log files. The tool has predefined filters (e.g., for security, system, and authentication logs) but can also be customized with user-defined filters. Some common filters include:

* **Security**: Focuses on logs related to potential security breaches.
* **System**: Filters standard system events and errors.
* **Applications**: Targets logs from applications such as Apache or MySQL.

You can specify a custom filter by using the `-f` option when running `logcheck`.

Example:

<nowiki>
logcheck -f security</nowiki>

This command checks the logs against the security filter.

== Running Logcheck Automatically ==

To have `logcheck` run automatically on a schedule, you can use `cron`. A typical cron job configuration to run `logcheck` every day at midnight would look like this:

<nowiki>
0 0 * * * /usr/sbin/logcheck</nowiki>

This will execute `logcheck` daily and send the output to the configured email address.

== Example: Basic Logcheck Execution ==

Here is a basic example of running `logcheck`:

<nowiki>
logcheck -t</nowiki>

This will test the configuration and show what actions would be taken without actually sending any email.

== Example: Running Logcheck with Custom Filter ==

If you have a custom filter file, you can specify it using the `-f` flag:

<nowiki>
logcheck -f /path/to/custom_filter</nowiki>

This will apply the custom filter to your logs instead of the default one.

== Logs and Output ==

When `logcheck` runs, it reviews the relevant log files (e.g., `/var/log/messages`, `/var/log/secure`, etc.) for any events that match its filtering rules. If any such events are found, a summary report is generated. By default, this report is emailed to the address specified in the configuration file.

The output is typically categorized into levels, such as:

* **Informational**: General information on system activities.
* **Warning**: Warnings about non-critical issues.
* **Critical**: Critical system or security issues that require attention.

== Useful Links ==

* [Logcheck Official Documentation](https://man7.org/linux/man-pages/man8/logcheck.8.html)
* [Logcheck GitHub Repository](https://github.com/logcheck/logcheck)
* [Debian Package for Logcheck](https://packages.debian.org/stable/admin/logcheck)
* [Logcheck Configuration Guide](https://www.serverwatch.com/tutorials/logcheck-configuring-and-using/)

LOGCHECK - Documentation - Revision history

Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "