[Logwatch-Devel] Musings on logwatch functionality
ross at trapezenetworks.com
Sun Sep 16 16:37:59 MST 2007
Just to start out: logwatch kicks a lot of butt; I regard it as an
essential part of my monitoring systems. I'm managing the IT
infrastructure for a mid-size company, so I'm getting to the point of
needing to centralize my views a bit more. There are a few things I'd
like to convince logwatch to start doing, and a few different ways to
make that happen, so I'm posting this note in hopes it helps define user
needs for the developers. I'm also very interested in making some code
contributions to logwatch soon. I'm hoping my contributions are
Currently, I've got logwatch running on about 30 different servers, and
it emails me the output from them individually. This is useful, but it
doesn't scale very well; when more than one person wants to review the
output, it quickly becomes much more useful to drop the results onto a
Dropping the results from multiple hosts into a network shared
directory is one way to accomplish this; it's simple, and it doesn't
require much configuration work. The downside to this is multiple
platforms; logwatch can analyze results from platforms it's incapable
of running on. This drives you towards creating a central logging host,
directing the logging from all your devices to it, and running logwatch
on that central host.
My idea of the ideal setup involves pointing all hosts to log to a
central host and running logwatch on that host. Use -format html, and
generate individual pages for each host daily. Lastly, generate an
index page which allows you to navigate those pages efficiently.
Once you get to this point, there are some really cool places you could
go with it.
1. Allow "picking" of the host and date from the index page; the
index page generated could provide direct links for each host split from
the last night, and generate a dropdown for picking your host, and a
calendar for picking the date you want to look at historical logs for.
2. Allow running logwatch against a user-defined
host/service/time-period, generating a report on-the-fly.
3. If you want to get really crazy, we could conceivably get
logwatch to produce graphs of specific items over time; for example, if
logwatch is extracting the number of failed login attempts on an SSH
server, we might want to look at a graph of that.
Item 3 is a bit "out there", but it's still pretty feasible. There are
other solutions for graphing things, but most of them aren't focused on
the longer timescales, and there are almost certainly graphable items
which can be extracted from logfiles which aren't easily available from
other data sources; I don't know any other solutions which could
generically graph info extracted from logfiles.
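
Item 3 above mentions graphing failed SSH login counts over time from logs collected on a central host. The following is an added example, not part of the original post and not logwatch code: a Python script that turns centralized syslog lines into a zero-filled daily series per host. The log lines are constructed, and the function names, the classic syslog line format and the handling of "last message repeated" lines are assumptions of this example.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample of a central syslog file (classic format, no year field).
SAMPLE_LOG = """\
Sep 14 23:58:01 web01 sshd[2211]: Failed password for root from 192.0.2.10 port 40122 ssh2
Sep 15 00:03:17 web01 sshd[2214]: Failed password for invalid user admin from 192.0.2.10 port 40131 ssh2
Sep 15 00:03:19 web01 sshd[2214]: Failed password for invalid user admin from 192.0.2.10 port 40131 ssh2
Sep 15 08:12:44 db01 sshd[911]: Accepted publickey for ross from 198.51.100.7 port 51515 ssh2
Sep 16 02:41:09 db01 sshd[1020]: Failed password for ross from 203.0.113.5 port 60001 ssh2
Sep 16 02:41:10 db01 last message repeated 2 times
Sep 16 09:00:00 web01 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)
"""

MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE = re.compile(r"^(\w{3})\s+(\d{1,2}) \d\d:\d\d:\d\d (\S+) (.*)$")
FAILED = re.compile(r"^sshd\[\d+\]: Failed password for ")
REPEAT = re.compile(r"^last message repeated (\d+) times$")

def failed_ssh_per_day(log_text, year):
    """Count failed sshd password attempts, keyed by (host, date)."""
    counts = Counter()
    last_failed = {}  # host -> was this host's previous message a failed login?
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) not in MONTHS:
            continue  # not a syslog line we understand
        mon, day, host, msg = m.groups()
        when = date(year, MONTHS[mon], int(day))  # syslog omits the year
        rep = REPEAT.match(msg)
        if rep:
            # syslogd collapses duplicates; credit them to the preceding message.
            if last_failed.get(host):
                counts[(host, when)] += int(rep.group(1))
            continue
        last_failed[host] = bool(FAILED.match(msg))
        if last_failed[host]:
            counts[(host, when)] += 1
    return counts

def series(counts, host, start, end):
    """Daily (date, count) points for one host, zero-filled so quiet days plot."""
    days = (end - start).days + 1
    return [(start + timedelta(d), counts[(host, start + timedelta(d))]) for d in range(days)]

if __name__ == "__main__":
    c = failed_ssh_per_day(SAMPLE_LOG, 2007)
    for day, n in series(c, "db01", date(2007, 9, 14), date(2007, 9, 16)):
        print(day.isoformat(), n)
```

The output of `series` can be fed to any plotting tool; skipping the "repeated" lines would undercount the db01 attempts on Sep 16 by two.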