What is logwatch?
It is an awesome monitoring tool. I have it running on one of my servers. Every night I get a status report on the behavior of my server.
- Perform daily log analysis every night on a host machine
- Can be configured to email reports to admin users
System Administrator Usage
- Monitor host machines for all access and usage stats
- Alert on suspicious usage or access attempts
- Email reports in an organized and easy-to-read format
Just run the following command:
sudo apt-get install logwatch
Open the configuration file and edit the settings to reflect the email account you want reports to be sent to. By default, logwatch uses local mail. See the Email Options section below to get logwatch to email external accounts like Gmail.
Output = mail
Format = html
MailTo = <YOUR LOCAL EMAIL>
Email Options (For Gmail, etc.)
Either set up a mail server like postfix or use another agent to send out logs via email.
Here is a great tutorial explaining an alternative to a mail server using sendmail.
Run the Reports Daily
To have logwatch run daily, add the command to the crontab.
The format for a cron job is:
(minute) (hour) (day of the month) (month) (day of the week) command
A * in a field stands for "every".
Here is an example of a crontab entry to run logwatch daily:
0 0 * * * logwatch
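A pre-flight check for the setup described above, added here as an example and not part of the original post: it reads the three settings shown earlier and the crontab line, and flags the cases where the nightly report would silently never arrive. The function names, the sample file, and the assumption that keys are case-insensitive with the last assignment winning are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the logwatch settings and cron line.
# Assumption: keys are case-insensitive and the last assignment wins.

# conf_get FILE KEY: print the last value assigned to KEY, skipping comments.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ || !/=/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) != tolower(key)) next
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# check_conf FILE: print one line per problem; return 0 only if there are none.
check_conf() {
    rc=0
    out=$(conf_get "$1" Output); fmt=$(conf_get "$1" Format); to=$(conf_get "$1" MailTo)
    [ "$out" = "mail" ] || { echo "Output is '$out': report will not be mailed"; rc=1; }
    case "$fmt" in html|text) ;; *) echo "Format is '$fmt': expected html or text"; rc=1 ;; esac
    case "$to" in
        ""|"<"*">") echo "MailTo is empty or an unedited placeholder: '$to'"; rc=1 ;;
    esac
    return $rc
}

# check_cron LINE: return 0 if LINE has five time fields, then a logwatch command.
check_cron() {
    set -f; set -- $1; set +f   # split on whitespace without expanding the *
    [ $# -ge 6 ] || return 1
    case "$6" in logwatch|*/logwatch) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: the settings from the text with the placeholder left in.
sample=$(mktemp)
printf '%s\n' 'Output = mail' 'Format = html' 'MailTo = <YOUR LOCAL EMAIL>' > "$sample"
check_conf "$sample" || echo "config needs fixing before the first nightly run"
check_cron '0 0 * * * logwatch' && echo "cron line is well-formed"
rm -f "$sample"
```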
Below are just some screenshots of the reports I receive from the tool. The reports are outdated and I no longer use the machine they detail… just in case you were curious.