How to set up Logwatch on Ubuntu Desktop/Server

Logwatch is a modular log analyser that runs every night and mails you the results. It can also be run from the command line. The output is grouped by service, and you can limit it to one particular service. The subscripts responsible for the output mostly convert the raw log lines into a structured format.
Logwatch generally ignores the time component in the output. That means you will know that a reported event was logged within the requested time range, but you will have to go to the raw log files to get the exact details.

Install logwatch using the following command

sudo apt-get install logwatch

This will install all the required packages

Configuring Logwatch

First, make sure your server is able to send mail to outside addresses. You can do this using postfix with an SMTP server configuration.

Now you need to edit logwatch.conf file

sudo nano /usr/share/logwatch/default.conf/logwatch.conf

Change the following information

Output = mail
Format = html
MailTo = [email protected]

Save and exit the file

If you want to know more about the available options, check the logwatch manpage using the following command from your terminal

man logwatch

Now edit the 00logwatch file

sudo nano /etc/cron.daily/00logwatch

Add the following line

/usr/sbin/logwatch --mailto [email protected]

Save and exit the file
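
The following script is an added example, not part of the original article or of logwatch itself. It audits the setup described above: it resolves the effective Output, Format and MailTo values when a packaged logwatch.conf is layered under a local override, and counts how many times the cron script invokes logwatch. The file contents, the address admin@example.com and the assumption that keys are case-insensitive with the last assignment winning are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a logwatch setup.

# Print the effective value of KEY given config files in precedence order
# (lowest first). Assumption: keys are case-insensitive, last assignment wins.
effective_setting() {
    key=$1; shift
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi      # unreadable/missing files are skipped
    done | awk -v want="$key" '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(want)) val = v
        }
        END { print val }'
}

# Count the non-comment lines in a cron script that actually invoke logwatch.
# Each such line produces one report (and one mail) per night.
count_logwatch_runs() {
    awk '/^[ \t]*#/ { next }
         $0 ~ "(^|[ \t/])logwatch([ \t]|$)" { n++ }
         END { print n + 0 }' "$1"
}

# Demo on constructed files in a temp dir; nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# packaged defaults (constructed)' 'Output = stdout' \
        'Format = text' 'MailTo = root' > "$d/default.conf"
    printf '%s\n' 'Output = mail' 'Format = html' > "$d/override.conf"
    printf '%s\n' '#!/bin/bash' \
        'test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0' \
        '/usr/sbin/logwatch --output mail' \
        '/usr/sbin/logwatch --mailto admin@example.com' > "$d/00logwatch"
    for k in Output Format MailTo; do
        echo "$k = $(effective_setting "$k" "$d/default.conf" "$d/override.conf")"
    done
    echo "logwatch runs per night: $(count_logwatch_runs "$d/00logwatch")"
    rm -rf "$d"
}
demo
```

To check a real system, pass /usr/share/logwatch/default.conf/logwatch.conf and /etc/logwatch/conf/logwatch.conf to effective_setting, and the script under /etc/cron.daily to count_logwatch_runs.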

This tool is very useful, so give it a try.

You can check more configuration from here

6 Responses

  1. abiheiri says:

    I just create a .forward file in my homedir instead and insert as many emails as I like.

  2. mr. Vragec says:

    Is it possible to add the IP of the computer to the logwatch report?
    eg:
    ################### Logwatch 7.3.6 (05/19/07) ####################
    Processing Initiated: Tue Sep 7 06:25:07 2010
    Date Range Processed: yesterday
    ( 2010-Sep-06 )
    Period is day.
    Detail Level of Output: 0
    Type of Output/Format: mail / text
    Logfiles for Host: www2 (EXTERNAL IP)
    ##################################################################

  3. mckain says:

    I just installed it! 🙂
    Let’s see what happens.

  4. Bachsau says:

    You should copy /usr/share/logwatch/default.conf/logwatch.conf to /etc/logwatch/conf/logwatch.conf and edit it there, to preserve your settings upon package updates.

  5. Dirk says:

    You configured logwatch.conf to send mail (output = mail). Then you add to 00logwatch the command logwatch --mailto . This is doing it twice! The --mailto option can be left out because logwatch is already configured through logwatch.conf to send out email.

    With the newer version of logwatch, 00logwatch has been replaced by 0logwatch, which does not have to be changed (the logwatch command is already in there).

  6. Dirk says:

    1 tip I forgot to mention. I used MailTo = root and set the mailaddress for root in /etc/aliases.

    /etc/aliases -> at the bottom of the file -> root: mailaddress

    This way I will receive all emails to root in the given mailbox no matter from which service/application it is coming from.
