Logcheck / logsentry

scaryfish

I've got logcheck (aka logsentry) installed, and I'm wondering how I should configure it. The default configuration was to only check /var/log/messages (which doesn't exist).

At the moment I've set it up to check everything in /var/log that ends in .log (i.e. ftp.log, system.log, netinfo.log, etc.).

Is there anything else I should set it to check? Should I not worry about some of those logs? Also, when adding the line to logcheck.sh, I've put something like:
$LOGTAIL /var/log/system.log >> $TMPDIR/.$$
or something. I'm just wondering if I should use > or >>. Some of the entries use >, some use >>. It says you should make sure you know the difference and which one to use... The single > puts output to a file, overwriting if the file already exists, and the >> does the same, except it appends it to the end of the file if it exists, right? I'm not sure which one I should use.

Also, it says to create a tmp dir that is not read/writable for normal users, so I created a directory called "tmp" in /usr/local/etc and did chmod go-rwx on it. Then made the $TMPDIR in logcheck.sh to point to it. Is that ok?
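
The two points raised in the post above (`>` versus `>>` when several logs feed one check file, and a temp directory closed to other users), as an added example that is not part of the original post or of logcheck itself. `cat` stands in for `$LOGTAIL`, and every function and file name here is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: `cat` stands in for $LOGTAIL; all names are constructed.

# Private scratch directory: owner-only, the same effect as chmod go-rwx.
make_private_tmp() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/logcheck-demo.XXXXXX") || return 1
    chmod 700 "$dir"
    printf '%s\n' "$dir"
}

# Truncate the check file once, then append every log to it.
collect_append() {
    out=$1; shift
    : > "$out"
    for log in "$@"; do
        cat "$log" >> "$out"
    done
}

# Same loop with ">" on every line: each log overwrites the one before it.
collect_overwrite() {
    out=$1; shift
    for log in "$@"; do
        cat "$log" > "$out"
    done
}

count_lines() { wc -l < "$1" | tr -d ' '; }

# Octal permissions of a path (GNU stat first, BSD/macOS stat as fallback).
dir_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

demo() {
    tmp=$(make_private_tmp) || return 1
    printf 'line a1\nline a2\n' > "$tmp/system.log"   # constructed sample log
    printf 'line b1\n' > "$tmp/ftp.log"               # constructed sample log
    collect_append "$tmp/check.append" "$tmp/system.log" "$tmp/ftp.log"
    collect_overwrite "$tmp/check.overwrite" "$tmp/system.log" "$tmp/ftp.log"
    echo "mode=$(dir_mode "$tmp") append=$(count_lines "$tmp/check.append") overwrite=$(count_lines "$tmp/check.overwrite")"
    rm -rf "$tmp"
}

demo
```

With `>` on every line only the last log reaches the check file, so entries from the earlier logs are never scanned.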
 