Logcheck/es

This guide shows you how to analyze system logs with logcheck.

Background
is an updated version of (from the  package), which is a tool to analyze the system logs. Additionally, comes with a built-in database of common, not-interesting log messages to filter out the noise. The general idea of the tool is that all messages are interesting, except the ones explicitly marked as noise. periodically sends you an e-mail with a summary of interesting messages.

Installing logcheck
Now you can proceed with the installation of logcheck.

Basic configuration
creates a separate user "logcheck" to avoid running as root. Actually, it will refuse to run as root. To allow it to analyze the logs, you need to make sure they are readable by logcheck. Here is an example for :

/etc/syslog-ng/syslog-ng.conf snippet

Now reload the configuration and make sure the changes work as expected.

You should now adjust some basic  settings in.

Basic /etc/logcheck/logcheck.conf setup

You also have to tell  which log files to scan.

Basic /etc/logcheck/logcheck.logfiles setup

Finally, enable the logcheck cron job.

Congratulations! Now you will be regularly getting important log messages by email. An example message looks like this:

Example logcheck message

General tips
You can use the logcheck's  switch to display more debugging information. Example:

Acknowledgements
We would like to thank the following authors and editors for their contributions to this guide:


 * phajdan.jr
 * nightmorph