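The other day I installed logwatch on CentOS 7.
For the reporting period setting, logwatch.conf says only "The current choices are All, Today, Yesterday".
If all you need is to summarize the previous day and send it by mail every day, `Range = yesterday` is enough, but I wondered whether the period could be specified more flexibly. Reading the man page, I found that `--range help` displays the help text.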
```
# logwatch --range help

This system has the Date::Manip module loaded, and therefore you may
use all of the valid --range parameters.

The format of the range option is:
     --range "date_range [period]"

Parameter date_range (and optional period) must be enclosed in quotes
if it is more than one word. The default for date_range is "yesterday".

Valid instances of date_range have one of the following formats:
     yesterday
     today
     all
     date1
     between date1 and date2
     since date1

For the above, date1 and date2 have values that can be parsed with the
Date::Manip perl module.

Valid instances of the optional parameter period have one of the
following formats:
     for (that|this) (year|month|day|hour|minute|second)
     for those (years|months|days|hours|minutes|seconds)

The period defines the resolution of the date match. The default is
"for that day".

Examples:
     --range today
     --range yesterday
     --range '4 hours ago for that hour'
     --range '-3 days'
     --range 'since 2 hours ago for those hours'
     --range 'between -10 days and -2 days'
     --range 'Apr 15, 2005'
     --range 'first Monday in May'
     --range 'between 4/23/2005 and 4/30/2005'
     --range '2005/05/03 10:24:17 for that second'

(The last entry might be used by someone debugging a log or filter.)

A caution about efficiency: a range of "yesterday for those hours"
will search for log entries for the last 24 hours, and is innefficient
because it searches for individual matches for each hour. A range
of "yesterday" will search for log entries for the previous day,
and it searches for a single date match.
```
As a test, I wrote two scripts.
- Summarize the previous month and write the report to a file
- Summarize 7 days and send the report by mail
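```bash
#!/bin/bash
# 9/28/2016 create by RootLinks Co., Ltd

LANG=C

# Anchor on the 15th: with GNU date, "1 month ago" from the 29th-31st
# can roll over into the current month (e.g. Mar 31 -> "Feb 31" -> Mar 2).
LAST_MONTH=$(date -d "$(date '+%Y-%m-15') -1 month" '+%Y-%m-%d')
YEAR=$(date -d "${LAST_MONTH}" '+%Y')
MONTH=$(date -d "${LAST_MONTH}" '+%-m')
# Last day of the previous month: its first day, plus one month, minus one day
EOM=$(date -d "${MONTH}/1/${YEAR}-1days+1month" '+%m/%d/%Y')

/usr/sbin/logwatch --range "between ${MONTH}/1/${YEAR} and ${EOM}" --output file --filename /var/log/logwatch
```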
Sample output

```
 ################### Logwatch 7.4.0 (03/01/11) ####################
        Processing Initiated: Wed Sep 28 22:27:54 2016
        Date Range Processed: between 8/1/2016 and 08/31/2016
                              ( 2016-Aug-01 / 2016-Aug-31 )
                              Period is day.
        Detail Level of Output: 10
        Type of Output/Format: stdout / text
        Logfiles for Host: host.hogehoge.co.jp
 ##################################################################
(snip)
```
```bash
#!/bin/bash
# 9/28/2016 create by RootLinks Co., Ltd

LANG=C
/usr/sbin/logwatch --range "between -7 days and -1 days" --output mail --detail low
```
Sample output

```
 ################### Logwatch 7.4.0 (03/01/11) ####################
        Processing Initiated: Wed Sep 28 22:50:27 2016
        Date Range Processed: between -7 days and -1 days
                              ( 2016-Sep-21 / 2016-Sep-27 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: host.hogehoge.co.jp
 ##################################################################
(snip)
```
Set up to run periodically from cron, each according to its purpose, these become quite useful.
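
A monthly report run from cron has to derive the previous month correctly whatever day the job fires, otherwise a month of logs goes unreviewed. The following is an added example, not code from the original post: it builds the `--range` argument from a reference date anchored on the 15th, next to the unanchored calculation for comparison. The function names and the reference-date argument are assumptions for illustration, and GNU date is required.

```shell
#!/bin/sh
# Added example: previous-month range for logwatch --range.
# All function names here are hypothetical, chosen for this illustration.

# Print "M/1/YYYY MM/DD/YYYY": first and last day of the month before REF.
# REF defaults to today; any date string GNU date can parse is accepted.
prev_month_range() {
    ref=${1:-today}
    # Anchor on the 15th: "-1 month" from the 29th-31st can overflow
    # back into the current month (2016-03-31 -1 month -> 2016-03-02).
    anchor=$(date -d "$ref" '+%Y-%m-15') || return 1
    first=$(date -d "$anchor -1 month" '+%Y-%m-01') || return 1
    year=$(date -d "$first" '+%Y')
    month=$(date -d "$first" '+%-m')
    # Last day: first day of that month, plus one month, minus one day.
    eom=$(date -d "$first +1 month -1 day" '+%m/%d/%Y')
    printf '%s/1/%s %s\n' "$month" "$year" "$eom"
}

# The unanchored calculation, kept only to show the month-end failure.
naive_prev_month() {
    date -d "$1 -1 month" '+%-m'
}

# Build the --range argument in the "between date1 and date2" form.
# An unparseable reference date returns non-zero, so a cron wrapper can
# stop instead of running logwatch over the wrong period.
logwatch_range_arg() {
    range=$(prev_month_range "$1") || return 1
    printf 'between %s and %s\n' "${range% *}" "${range#* }"
}

# Constructed sample dates: a mid-month run and a run on the 31st.
for d in 2016-09-28 2016-03-31; do
    echo "$d: naive month=$(naive_prev_month "$d"), range=$(logwatch_range_arg "$d")"
done
```

In a cron wrapper, pass the result as `--range "$(logwatch_range_arg)"` and let the script exit when the function returns non-zero.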