Provided by: logcheck_1.2.42ubuntu1_all


       logcheck — program to scan system logs for interesting lines


       logcheck [OPTIONS]


       The  logcheck  program  helps  spot problems and security violations in
       your  logfiles  automatically  and  will  send  the  results   to   you
       periodically  in  an  e-mail.  By  default  logcheck  runs as an hourly
       cronjob just off the hour and after every reboot.

       logcheck supports three levels of filtering: "paranoid" is for
       high-security machines running as few services as possible. Don’t use
       it if you can’t handle its verbose messages. "server" is the default
       and contains rules for many different daemons. "workstation" is for
       sheltered machines and filters most of the messages. The ignore rules
       work in an additive manner: "paranoid" rules are also included at
       levels "server" and "workstation".

       The messages reported are sorted  into  three  layers,  system  events,
       security  events  and  attack alerts. The verbosity of system events is
       controlled by which level you choose, paranoid, server or  workstation.
       However, security events and attack alerts are not affected by this.
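
       The layering described above, modelled with grep -E as an added
       example (not logcheck's own code): the rule patterns, file names and
       log lines are constructed, each line is reported only in the first
       layer it matches, and "workstation" is assumed to include the
       "server" ignore rules as well.

```shell
#!/bin/sh
# Simplified model of logcheck's three report layers (not logcheck's code).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed rule files, one extended regex per line.
printf '%s\n' 'POSSIBLE BREAK-IN ATTEMPT' > "$WORK/attack"
printf '%s\n' 'authentication failure'    > "$WORK/security"
printf '%s\n' 'CRON\[[0-9]+\]: '          > "$WORK/ignore.paranoid"
printf '%s\n' 'ntpd\[[0-9]+\]: '          > "$WORK/ignore.server"
printf '%s\n' 'dhclient\[[0-9]+\]: '      > "$WORK/ignore.workstation"

# Constructed sample log.
cat > "$WORK/log" <<'EOF'
Jan  1 10:00:01 host CRON[101]: (root) CMD (run-parts /etc/cron.hourly)
Jan  1 10:00:02 host ntpd[202]: kernel time sync status change 2001
Jan  1 10:00:03 host dhclient[303]: DHCPACK from 192.0.2.1
Jan  1 10:00:04 host sshd[404]: reverse mapping failed - POSSIBLE BREAK-IN ATTEMPT!
Jan  1 10:00:05 host su[505]: pam_unix(su:auth): authentication failure; user=root
Jan  1 10:00:06 host kernel: EXT4-fs error (device sda1)
EOF

# Ignore rules are additive: every level includes the paranoid rules.
# Assumption of this model: "workstation" also includes the "server" rules.
levels_for() {
    case "$1" in
        paranoid)    echo "paranoid" ;;
        server)      echo "paranoid server" ;;
        workstation) echo "paranoid server workstation" ;;
    esac
}

# layer LEVEL NAME: print the lines reported in layer NAME at filtering LEVEL.
layer() {
    case "$2" in
        attack)   grep -E -f "$WORK/attack" "$WORK/log" ;;
        security) grep -E -v -f "$WORK/attack" "$WORK/log" | grep -E -f "$WORK/security" ;;
        system)   : > "$WORK/drop"   # only this layer consults the level
                  for l in $(levels_for "$1"); do cat "$WORK/ignore.$l" >> "$WORK/drop"; done
                  cat "$WORK/attack" "$WORK/security" >> "$WORK/drop"
                  grep -E -v -f "$WORK/drop" "$WORK/log" ;;
    esac
}

count() { layer "$1" "$2" | wc -l | tr -d ' '; }

for level in paranoid server workstation; do
    echo "$level: attack=$(count "$level" attack) security=$(count "$level" security) system=$(count "$level" system)"
done
```

       Only the system-event count changes with the level; the attack and
       security layers report the same lines at every level.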


       logcheck can be invoked directly thanks to su(8) or sudo(8), which
       change the user ID:

       logcheck -o -t
              Check the logfiles without updating the offset. Print
              everything to STDOUT.


       A summary of options is included below.

       -c CFG    Overrule default configuration file.

       -d        Debug mode.

       -h        Show usage information.

       -H        Use this hostname string in the logcheck mail.

       -l LOG    Run logfile through logcheck.

       -L CFG    Overrule default logfiles list.

       -m        Mail report to recipient.

       -o        STDOUT mode, not sending mail.

       -p        Set the report level to "paranoid".

       -r DIR    Overrule default rules directory.

       -R        Adds "Reboot:" to the email subject line.

       -s        Set the report level to "server".

       -S DIR    Overrule default state directory.

       -t        Testing mode does not update offset.

       -T        Do not remove the TMPDIR.

       -u        Enable syslog-summary.

       -v        Print current version.

       -w        Set the report level to "workstation".


       /etc/logcheck/logcheck.conf is the main configuration file.

       /etc/logcheck/logcheck.logfiles is the list of files to monitor.

       /usr/share/doc/logcheck-database/README.logcheck-database.gz  for hints
       on how to write, test and maintain rules.




       logcheck  is   developed   by   Debian   logcheck   Team   at   alioth:

       This manual page was written by Jon Middleton.