Using LogWatch to monitor Linux systems

Installing Logwatch is very straight forward and it’s definitly worth taking a few minutes to do it. The format that it can send your system logs to you in is so nice and easy to read you’ll wonder how you ever kept track of your server without it.

I like logs to be mailed to me every morning. These are the steps you need to take to get a similar report:

1. Firstly run the following command to install Logwatch. I’m assuming you already have postfix and sendmail installed.
   

   apt-get install logwatch

2. The config file you need to edit is located at:
   

   /usr/share/logwatch/default.conf/logwatch.conf

3. I’d suggest replacing the following entries as follows:
   

   Line 35
   Output = mail
   Line 37
   Format = html
   Line 44
   MailTo = name@mydomain.com
   Line 45
   MailFrom = logwatch@mydomain.com
   Line 67
   Archives = No
   Line 70
   Range = yesterday
   Line 77
   Detail = Med

4. Test your logwatch configuration by running logwatch on the command line.
5. Create a new cron job to run this at 5:45AM every day. This is the time I generally get reports sent out. Backup jobs, Windows and Linux security and Logwatch reports are sent out during 5:30AM and 6AM so that things are spaced out.
   

   crontab -e
   45 5 * * * /usr/sbin/logwatch

That’s all there is too it.
Logwatch in some versions of Debian is slightly broken if you choose to format messages using HTML. To get around this you will need to download the package from source and install it. The instructions to do this are outlined below.

1. Create a temporary directory to save the files to:
   

   mkdir /tmp/logwatch
   cd /tmp/logwatch

2. Download the package from sourceforge by using the following command.
   

   wget http://ignum.dl.sourceforge.net/project/logwatch/logwatch-7.4.0/logwatch-7.4.0.tar.gz

3. Unpack the archive that you downloaded in step 2.
   

   tar xzvf logwatch*

4. cd to this directory.
   

   cd logwatch[tab]

   [tab] means that if you press the tab key on your keyboard the name of the directory / file will be automatically completed for you. When using the console this saves a lot of time.
5. Make the install file executable.
   

   chmod 777 install[tab]

6. Run the install script.
   

   ./install[tab]

7. Answer all questions with the defaults by pressing the enter key.
8. The config is now to be created in /etc/logwatch/logwatch.conf
9. Use the lines above to specify what you want to configure.

alternatively, run the following command replacing it with your own Email address of course. This runs logwatch and does not read from a configuration file.

logwatch –output mail –format html –mailto joe.bloggs@MadeUpCompany.com –archives no –range Yesterday –debug Med

source