How to monitor server log files with Logwatch on Debian and Ubuntu

Logwatch is a system log analyzer and reporter. This tutorial covers the installation of Logwatch and explains various config options, including reporting of notable log events by email.

Installing Logwatch.

The following command will install Logwatch on your server.

Ubuntu

sudo apt-get install logwatch

Debian

apt-get install logwatch

Configuring Logwatch.

nano /usr/share/logwatch/default.conf/logwatch.conf

After typing the above command you will see a file like:







This is what you should see in the config file. Find the following in it:





Change MailTo = root to MailTo = [email protected]

Editing the second line is optional. It is used when you want notifications sent to multiple email addresses.

The third line states that the mail you receive will come from logwatch. After completing the above, you may want to check the report range, or the time for which you will receive reports.





Range = All

You might want to change it to Yesterday for yesterday's report, Today for today's report, or All for every day's report. The reports that are available since the beginning will be sent.

The next option is the level of detail you would like in the report: Low, Medium or High. After this you can also add particular services you would like to have in your reports. By default all services are included in the reports, but you can specify the services yourself:







You can check the synopsis of logwatch:

logwatch [--detail level ] [--logfile log-file-group ] [--service service-name ] [--mailto address ] [--archives] [--range range ] [--debug level ] [--filename file-name ] [--logdir directory ] [--hostname hostname ] [--hostformat host based options ] [--output output-type ] [--format report format ] [--encode encoding to use ] [--numeric] [--version] [--help|--usage]

You can use these options to run logwatch manually and skip all the above config.

logwatch --detail High --service http --mailto [email protected] --range all --logdir /var/cache/logwatch

The above is a custom command written by a user for his own needs; you may go ahead and check what suits your needs.
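
To confirm that the MailTo, Range and Service edits described above actually took effect, the following added example (not part of the original tutorial or of Logwatch itself) audits a logwatch.conf file. The helper names lw_get and lw_audit are hypothetical, and the script assumes "Key = Value" lines, "#" comment lines, case-insensitive keys and that the last Range line wins.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a logwatch.conf for
# the MailTo and Range settings discussed above. lw_get and lw_audit are
# hypothetical helper names.

# Print every value assigned to KEY, one per line. Assumes "Key = Value"
# lines, "#" comment lines, case-insensitive keys, optional double quotes.
lw_get() {  # usage: lw_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (tolower(k) == tolower(key)) print v
        }' "$1"
}

# Print one finding per line; return 1 when a setting needs attention.
lw_audit() {  # usage: lw_audit FILE
    bad=0
    # Recipients other than the default "root".
    rcpt=$(lw_get "$1" MailTo | awk 'tolower($0) != "root"')
    # Assumption: when Range is set more than once, the last line wins.
    range=$(lw_get "$1" Range | tail -n 1 | tr 'A-Z' 'a-z')
    if [ -z "$rcpt" ]; then
        echo "MailTo: still root or unset; set the address that should get reports"
        bad=1
    fi
    case "$range" in
        yesterday|today|all) ;;
        *) echo "Range: '$range' is not Yesterday, Today or All"; bad=1 ;;
    esac
    echo "Services: $(lw_get "$1" Service | tr '\n' ' ')"
    return "$bad"
}

# Constructed sample configuration, audited as a demonstration.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'MailTo = root' 'Range = Yesterday' \
    'Detail = Low' 'Service = All' 'Service = "-zz-network"' > "$sample"
lw_audit "$sample" || echo "=> fix the findings above before relying on e-mail reports"
rm -f "$sample"
```

Run it against your own file with lw_audit /usr/share/logwatch/default.conf/logwatch.conf after sourcing the functions.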

Additional logwatch options

Usage information about Logwatch can be obtained through the man page:

man logwatch

The section titled "MORE INFORMATION" in the man page lists additional documentation files available with the distribution.



A summary of the command-line switches described in the man page can be obtained with the '--help' option: