Observe your logs with LogWatch

Requirements:

LogWatch is a tool that analyses your server's logs and sends you regular email reports about the server.

It can be configured to make the report more or less verbose, to cover only certain services, and so on.

This tutorial is based on Ubuntu 14.04.

Installation

We start by installing logwatch using APT:

sudo apt-get install logwatch

If you don't have a mail server installed, one will be installed automatically.

During its configuration, select Internet Site.

Now modify the file /etc/aliases by adding the following line:

root: mymailadress@provider.tld

Replace the address with the e-mail address at which you want to receive the reports.

Then activate the new alias:

sudo newaliases

Configuration

LogWatch can be launched manually from the command line with the required parameters, but there is also a configuration file available at /usr/share/logwatch/default.conf/logwatch.conf.

Open it using your favorite text editor.

Here is the list of the most common parameters you can modify:

  • Range = yesterday

# The period that LogWatch analyzes in the log files. Leave it as is to receive a daily mail about the previous day.

  • MailFrom = Logwatch

# The sender of the mail. Modify it if you want the mail to come from a specific address.

  • MailTo = root

# The recipient of the mail. With the alias configured earlier, you will receive it at the address defined in /etc/aliases.

  • Service = All

# The services to monitor.


These are the main configuration elements. Consult the default configuration file and the man page for more information.

LogWatch can also be started manually. For example, to get a full report on the MySQL service for today:

logwatch --detail High --mailto root --service mysql --range today
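
The manual command above can be generated and checked by a small wrapper. The shell function below is an added example, not part of the original tutorial or of LogWatch: logwatch_cmd and LOGWATCH_SERVICES_DIR are hypothetical names, the default services directory is an assumption about the Debian/Ubuntu package layout, and only the simple keyword ranges are accepted.

```sh
#!/bin/sh
# Added example: build a validated command line for an on-demand LogWatch report.
# logwatch_cmd and LOGWATCH_SERVICES_DIR are hypothetical names for this sketch.

# Usage: logwatch_cmd RANGE DETAIL MAILTO SERVICE...
# Prints the command on stdout; prints an error and returns 1 on bad input.
logwatch_cmd() {
    if [ "$#" -lt 4 ]; then
        echo "usage: logwatch_cmd RANGE DETAIL MAILTO SERVICE..." >&2
        return 1
    fi
    range=$1 detail=$2 mailto=$3
    shift 3
    # Assumption: the Debian/Ubuntu package keeps one script per service here.
    dir=${LOGWATCH_SERVICES_DIR:-/usr/share/logwatch/scripts/services}

    case $range in
        today|yesterday|all) ;;   # only the simple keyword ranges are accepted
        *) echo "unsupported range: $range" >&2; return 1 ;;
    esac
    case $detail in
        Low|Med|High) ;;
        *) echo "unsupported detail level: $detail" >&2; return 1 ;;
    esac
    # A recipient starting with "-" would be parsed as an option; anything
    # outside this character set has no place in an alias or address.
    case $mailto in
        ''|-*|*[!A-Za-z0-9@._+-]*) echo "bad recipient: $mailto" >&2; return 1 ;;
    esac

    cmd="logwatch --detail $detail --mailto $mailto"
    for svc in "$@"; do
        # Reject option-like names and path characters before touching the disk.
        case $svc in
            ''|-*|*[!A-Za-z0-9_-]*) echo "bad service name: $svc" >&2; return 1 ;;
        esac
        # A misspelled service name is caught here instead of at report time.
        [ -f "$dir/$svc" ] || { echo "unknown service: $svc" >&2; return 1; }
        cmd="$cmd --service $svc"
    done
    printf '%s\n' "$cmd --range $range"
}

# Run as a script: sh logwatch_cmd.sh today High root mysql
[ "$#" -eq 0 ] || logwatch_cmd "$@"
```

Every token in the printed line has been checked against a whitespace-free character set, so the line can be pasted into a terminal or a cron entry as is.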