Logwatch on Ubuntu

What is logwatch?

It is an awesome monitoring tool. I have it running on one of my servers. Every night I get a status report on the behavior of my server.

Logwatch benefits:

  • Performs log analysis every night on a host machine
  • Can be configured to email reports to admin users
  • System Administrator Usage
    • Easy setup
    • Monitor host machines for all access and usage stats
    • Alert on suspicious usage or access attempts
    • Email reports in an organized and easy to read format

Simple Install

Just run the following command:
sudo apt-get install logwatch

Configuration

Open the configuration file and edit the settings to reflect the email account you want reports sent to. By default it uses local mail. See the Email Options section below to get logwatch to email external accounts like Gmail.
sudo vim /usr/share/logwatch/default.conf/logwatch.conf

Set the following:
Output = mail
Format = html
MailTo = <YOUR LOCAL EMAIL>
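
The file under /usr/share/logwatch/default.conf holds the packaged defaults, which a package upgrade can replace; logwatch also reads /etc/logwatch/conf/logwatch.conf, and settings there override the defaults. The script below is an added example, not part of the original post: it writes the same three settings to an override file and checks that the result mails reports to a real recipient. The function names and the sample address are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: local logwatch override file, written and checked.
# Function names are hypothetical; sample values are constructed.

# get_setting FILE KEY: print the effective value. Keys match
# case-insensitively, comments are skipped, the last assignment wins.
get_setting() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        NF >= 2 {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v
            }
        }
        END { print val }' "$1"
}

# write_override FILE MAILTO: write the three settings from the article.
write_override() {
    local file="$1" mailto="$2"
    # Accept only a plain address or local user name as recipient.
    case $mailto in
        ''|*[!A-Za-z0-9@._+-]*) echo "refusing MailTo: $mailto" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$file")"
    printf 'Output = mail\nFormat = html\nMailTo = %s\n' "$mailto" > "$file"
}

# check_override FILE: succeed only if reports go by mail to a real recipient.
check_override() {
    local out mailto
    out=$(get_setting "$1" Output)
    mailto=$(get_setting "$1" MailTo)
    [ "$out" = "mail" ] || { echo "Output is '$out', not mail" >&2; return 1; }
    case $mailto in
        ''|'<'*) echo "MailTo is unset or still a placeholder" >&2; return 1 ;;
    esac
}

# Demo in a scratch directory; on a real host the target would be
# /etc/logwatch/conf/logwatch.conf (written as root).
demo=$(mktemp -d)
write_override "$demo/logwatch.conf" "admin@example.com"
check_override "$demo/logwatch.conf" && echo "override OK"
rm -rf "$demo"
```

Running check_override against a file that still contains the `<YOUR LOCAL EMAIL>` placeholder fails, which catches the case where reports are generated every night but never reach anyone.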

Email Options (For Gmail, etc.)

Either set up a mail server like postfix or use another agent to send out logs via email.
Here is a great tutorial explaining an alternative to a mail server using sendmail.

Run the Reports Daily

To have logwatch run daily, add the command to the crontab.
crontab -e

The format for a cron job is:
(minute) (hour) (day of the month) (month) (day of the week) command

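A * in a field stands for every value of that field.

Here is an example of a crontab entry to run logwatch daily at midnight. The full path is used because cron runs jobs with a minimal PATH that does not include /usr/sbin:

0 0 * * * /usr/sbin/logwatch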

Reports

Below are just some screenshots of the reports I receive from the tool. The reports are outdated and I no longer use the machine they detail… just in case you were curious.

[Screenshots of logwatch reports: logwatched, logwatch2, logwatch4]