Provided by: logcheck_1.3.24_all bug


       logcheck — program to scan system logs for interesting lines


       logcheck [OPTIONS]


       The  logcheck  program  helps  spot  problems  and  security  violations  in your logfiles
       automatically and will send the results to you  periodically  in  an  e-mail.  By  default
       logcheck runs as an hourly cronjob just off the hour and after every reboot.

       logcheck  supports  three  level  of  filtering:  "paranoid" is for high-security machines
       running as few services as possible.  Don't  use  it  if  you  can't  handle  its  verbose
       messages.   "server"  is  the  default  and  contains  rules  for  many different daemons.
       "workstation" is for sheltered machines and filters most  of  the  messages.   The  ignore
       rules  work  in  additive  manner.  "paranoid"  rules are also included at level "server".
       "workstation" level includes both "paranoid" and "server" rules.

       The messages reported are sorted into three layers, system  events,  security  events  and
       attack  alerts.  The  verbosity  of system events is controlled by which level you choose,
       paranoid, server or workstation.  However, security  events  and  attack  alerts  are  not
       affected by this.


       logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID. The
       following example checks the logfiles without updating the offset and  outputs  everything
       to STDOUT.

       sudo -u logcheck logcheck -o -t


       A summary of options is included below.

       -c CFG    Overrule default configuration file.

       -d        Debug mode.

       -h        Show usage information.

       -H        Use this hostname string in the subject of logcheck mail.

       -l LOG    Run logfile through logcheck.

       -L CFG    Overrule default logfiles list.

       -D DIR    Overrule default logfiles lists directory.

       -m        Mail report to recipient.

       -o        STDOUT mode, not sending mail.

       -p        Set the report level to "paranoid".

       -r DIR    Overrule default rules directory.

       -R        Adds "Reboot:" to the email subject line.

       -s        Set the report level to "server".

       -S DIR    Overrule default state directory.

       -t        Testing mode does not update offset.

       -T        Do not remove the TMPDIR.

       -u        Enable syslog-summary.

       -v        Print current version.

       -w        Set the report level to "workstation".


       /etc/logcheck/logcheck.conf is the main configuration file.

       /etc/logcheck/logcheck.logfiles is the list of files to monitor.

       /etc/logcheck/logcheck.logfiles.d is the directory of lists of files to monitor.

       /usr/share/doc/logcheck-database/README.logcheck-database.gz  for  hints  on how to write,
       test and maintain rules.


       0 upon success; 1 upon failure




       logcheck      is       developed       by       Debian       logcheck       Team       at:

       This manual page was written by Jon Middleton.