Logwatch is a customizable log analysis system. It is a Perl-based log management tool for analyzing, summarizing and reporting on a server's log files. It is most often used to send a short digest of a server's log activity to a system admin. Logwatch collects the system's logs and creates a well-formatted report. Let's see how to install and configure Logwatch on our server.
First we need to install the package. Use the command below that matches your distribution (apt-get on Debian/Ubuntu, yum on RHEL/CentOS).
$ sudo apt-get install logwatch -y
# yum -y install logwatch
Verify the package using the command below (Debian/Ubuntu).
$ sudo dpkg -l | grep logwatch
After installing, we need to change some settings in the configuration file /usr/share/logwatch/default.conf/logwatch.conf.
# vim /usr/share/logwatch/default.conf/logwatch.conf
Output = mail
Format = html
MailTo = [email protected]
We need to change the options above. Output controls how the report is delivered; by default it is stdout, so change it to mail. Format is the format of the report we get in the mail; by default it is text. MailTo is the Email ID where we want to receive the Logwatch information about the server.
If you want the report to cover today's logs, set Range to Today; by default it is Yesterday. With Range set to Yesterday, the mail contains the logs from one day back.
Range = Today
Now save and close the conf file.
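A quick read-back of the settings changed above, as an added example (it is not part of the original tutorial or of Logwatch itself). The function names, the constructed sample file and its address are assumptions, as is the parsing model: Key = Value lines, case-insensitive key names, last assignment wins.

```shell
#!/bin/sh
# Added example: read back the logwatch.conf settings changed in this tutorial.
# Assumptions: "Key = Value" lines, "#" starts a comment, key names compare
# case-insensitively, and the last assignment of a key wins.

# Print the effective value of KEY in FILE (empty if the key is not set).
logwatch_conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                  # strip comments
        /=/ {
            k = $0; sub(/=.*/, "", k)       # text before the first "="
            v = $0; sub(/^[^=]*=/, "", v)   # text after the first "="
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$1"
}

# Print the four settings; return 1 unless Output is mail and MailTo is set.
logwatch_conf_check() {
    output=$(logwatch_conf_get "$1" Output)
    format=$(logwatch_conf_get "$1" Format)
    mailto=$(logwatch_conf_get "$1" MailTo)
    range=$(logwatch_conf_get "$1" Range)
    echo "Output=$output Format=$format MailTo=$mailto Range=$range"
    rc=0
    if [ "$output" != "mail" ]; then
        echo "WARN: Output is '$output', not mail" >&2; rc=1
    fi
    if [ -z "$mailto" ]; then
        echo "WARN: MailTo is empty, the report has no recipient" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample file (not a real server's config) so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# defaults first, then the tutorial's changes
Output = stdout
Format = text
Range = yesterday
Output = mail
Format = html
mailto = admin@example.com   # constructed address
Range = Today
EOF
logwatch_conf_check "$sample"
rm -f "$sample"
```

To check the file edited above, call logwatch_conf_check with /usr/share/logwatch/default.conf/logwatch.conf instead of the sample.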
Email ID Setup
Now edit the 00logwatch file to add the mail address that should receive the logs. Logwatch reports will be delivered to the Email ID below.
# vim /etc/cron.daily/00logwatch
/usr/sbin/logwatch --mailto [email protected]
/usr/sbin/logwatch --mailto [email protected]
Add the line above with your Email ID; by default there will be /usr/sbin/logwatch --mailto.
Save and close the file.
To test Logwatch, simply run the logwatch command.