Installing And Using Logwatch

As a server administrator, or even if you just have a system that's open to the internet, it's wise to keep an eye on your logs. Luckily, there is a program that analyzes your logs, creates a report covering the areas you specify, and can email you the details.

Install Logwatch

Run Logwatch

It will scan your logs and show you any details that pop up out of the ordinary.

On Debian-based systems, the logwatch program sends an email of the log report daily. However, by default this email goes to root. If you want it sent to your own address instead, you can do like I do and change your email alias file so that any email sent to root goes to your address.

Edit Aliases File

Change the entry that says

to the following, changing YOUREMAIL@DOMAIN.COM to your own email address

Commit Your Changes

Edit Configuration

Some versions of Ubuntu / Linux Mint will email out the logwatch results every day. But I have come across some where you have to run a crontab and configure logwatch. First, open up the configuration.

Modify Entries

When the configuration file loads, look in the file for the following entries and change them to the following. Make sure the MailTo and MailFrom entries are valid, real addresses.

Add A Cron Job

Now we need to set a cron job so logwatch runs every day and emails you the results.

Add the following to the file, then save and exit.

This will send an email every day at 8am.
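The three edits described above (root alias, MailTo/MailFrom, daily cron line) can be scripted so they are repeatable and can be tried on copies of the files first. This is an added example, not code from the original page; the function names and the `/usr/sbin/logwatch` path are assumptions, and the address check is a deliberately simple sanity test.

```shell
#!/bin/sh
# Added example: the page's three edits as functions that act on whatever
# file you pass, so they can be tried on copies before touching /etc.

# valid_addr ADDR: succeed only for a plain user@host.tld with no whitespace.
valid_addr() {
    case $1 in
        *[[:space:]]*|*@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# replace_line FILE REGEX NEWLINE: drop lines matching REGEX, append NEWLINE.
# Writing back with cat keeps the file's existing owner and mode.
replace_line() {
    tmp=$(mktemp) || return 1
    grep -v -i -E "$2" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    printf '%s\n' "$3" >> "$tmp"
    cat "$tmp" > "$1"; rc=$?
    rm -f "$tmp"
    return $rc
}

# set_root_alias FILE EMAIL: make mail for root go to EMAIL (aliases format).
set_root_alias() {
    valid_addr "$2" || { echo "bad address: $2" >&2; return 1; }
    replace_line "$1" '^[[:space:]]*root[[:space:]]*:' "root: $2"
}

# set_conf_key FILE KEY VALUE: set "KEY = VALUE" in a logwatch.conf-style file.
# Commented-out defaults (lines starting with #) are left alone.
set_conf_key() {
    case $2 in
        MailTo|MailFrom) valid_addr "$3" || { echo "bad address: $3" >&2; return 1; } ;;
    esac
    replace_line "$1" "^[[:space:]]*$2[[:space:]]*=" "$2 = $3"
}

# cron_entry: crontab line for a daily 08:00 run.
# /usr/sbin/logwatch is an assumed install path; check with `command -v logwatch`.
cron_entry() {
    printf '%s\n' '0 8 * * * /usr/sbin/logwatch'
}
```

After changing the real alias file, run `newaliases` so the mail system picks up the new root entry.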