Logcheck(8)		    System Manager's Manual		   Logcheck(8)

       Jon Middleton <jjm@debian.org>
       2004 Jon Middleton
       May 3, 2005

NAME
       logcheck	-- program to scan system logs for interesting lines

SYNOPSIS
       logcheck	[OPTIONS]

DESCRIPTION
       The logcheck program helps spot problems and security violations in
       your logfiles automatically and will send the results to you
       periodically in an e-mail. By default logcheck runs as an hourly
       cronjob just off the hour and after every reboot.

       logcheck supports three levels of filtering:

       "paranoid" is for high-security machines running as few services as
       possible. Don't use it if you can't handle its verbose messages.

       "server" is the default and contains rules for many different daemons.

       "workstation" is for sheltered machines and filters most of the
       messages.

       The ignore rules work in an additive manner. "paranoid" rules are also
       included at level "server". "workstation" level includes both
       "paranoid" and "server" rules.

       The messages reported are sorted into three layers: system events,
       security events and attack alerts. The verbosity of system events is
       controlled by which level you choose: paranoid, server or workstation.
       However, security events and attack alerts are not affected by this.

EXAMPLES
       logcheck can be invoked directly thanks to su(8) or sudo(8), which
       change the user ID. The following example checks the logfiles without
       updating the offset and outputs everything to STDOUT.

       sudo -u logcheck	logcheck -o -t
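
       The additive levels and the layers described under DESCRIPTION,
       modelled as an added example (not part of the original manual page and
       not logcheck's own code). The directory names ignore.d.<level> and
       violations.d are assumed, all rules and log lines are constructed, and
       only the system and security layers are modelled.

```shell
#!/bin/sh
# Model of logcheck's additive report levels; NOT logcheck's own code.
# Directory layout, rules and log lines are constructed for this example.
make_rules() {   # build a throwaway rules tree and print its path
    d=$(mktemp -d) || return 1
    mkdir "$d/ignore.d.paranoid" "$d/ignore.d.server" \
          "$d/ignore.d.workstation" "$d/violations.d"
    printf '%s\n' 'cron\[[0-9]+]: .*session (opened|closed)' > "$d/ignore.d.paranoid/cron"
    printf '%s\n' 'ntpd\[[0-9]+]: kernel time sync' > "$d/ignore.d.server/ntpd"
    printf '%s\n' 'dhclient\[[0-9]+]: DHCPACK' > "$d/ignore.d.workstation/dhclient"
    printf '%s\n' 'sshd\[[0-9]+]: Failed password' > "$d/violations.d/sshd"
    echo "$d"
}
sample_log() {   # constructed syslog lines
    cat <<'EOF'
May  3 10:00:01 host cron[812]: (root) session opened
May  3 10:00:07 host ntpd[455]: kernel time sync enabled
May  3 10:01:12 host dhclient[301]: DHCPACK from 192.0.2.1
May  3 10:02:30 host sshd[990]: Failed password for root from 198.51.100.7
May  3 10:03:44 host kernel: ad0: FAILURE - READ_DMA
EOF
}
levels_for() {   # ignore sets are cumulative: each level adds to the previous
    case "$1" in
        paranoid)    echo "paranoid" ;;
        server)      echo "paranoid server" ;;
        workstation) echo "paranoid server workstation" ;;
        *) return 1 ;;
    esac
}
classify() {     # usage: classify LEVEL RULESDIR LOGFILE
    lv=$(levels_for "$1") || return 1
    ign=$(mktemp) && vio=$(mktemp) || return 1
    for l in $lv; do cat "$2/ignore.d.$l"/*; done > "$ign"
    cat "$2"/violations.d/* > "$vio"
    # Security layer: reported at every level, ignore.d.* is never consulted.
    grep -E -f "$vio" "$3" | sed 's/^/SECURITY: /' || true
    # System layer: the remaining lines minus the cumulative ignore rules.
    grep -Ev -f "$vio" "$3" | grep -Ev -f "$ign" | sed 's/^/SYSTEM: /' || true
    rm -f "$ign" "$vio"
}

rules=$(make_rules); log=$(mktemp); sample_log > "$log"
for level in paranoid server workstation; do
    echo "== $level =="; classify "$level" "$rules" "$log"
done
rm -rf "$rules" "$log"
```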

OPTIONS
       A summary of options is included	below.

       -c CFG	 Overrule default configuration	file.

       -d	 Debug mode.

       -h	 Show usage information.

       -H	 Use this hostname string in the subject of logcheck mail.

       -l LOG	 Run logfile through logcheck.

       -L CFG	 Overrule default logfiles list.

       -D DIR	 Overrule default logfiles lists directory.

       -m	 Mail report to	recipient.

       -o	 STDOUT	mode, not sending mail.

       -p	 Set the report	level to "paranoid".

       -r DIR	 Overrule default rules	directory.

       -R	 Adds "Reboot:"	to the email subject line.

       -s	 Set the report	level to "server".

       -S DIR	 Overrule default state	directory.

       -t	 Testing mode does not update offset.

       -T	 Do not	remove the TMPDIR.

       -u	 Enable	syslog-summary.

       -v	 Print current version.

       -w	 Set the report	level to "workstation".

FILES
       /usr/local/etc/logcheck/logcheck.conf is	the main configuration file.

       /usr/local/etc/logcheck/logcheck.logfiles is the list of files to
       monitor.

       /usr/local/etc/logcheck/logcheck.logfiles.d  is	the directory of lists
       of files	to monitor.

       /usr/local/share/doc/logcheck/README.logcheck-database for hints	on how
       to write, test and maintain rules.

EXIT STATUS
       0 upon success; 1 upon failure

SEE ALSO
       logtail(8)

AUTHOR
       logcheck is developed by the Debian logcheck Team at:
       https://salsa.debian.org/debian/logcheck.

       This manual page	was written by Jon Middleton.
