Installing And Using Logwatch

As a server administrator or even if you just have a system thats open to the internet it's wise to keep an eye on your logs. Luckily there is a program that will do log analysis and creates a report analyzing areas that you specify and can email you the details.

Install Logwatch

sudo apt-get install logwatch libdate-manip-perl

Run Logwatch

sudo logwatch | less

It will scan your logs and show you any details that pop up out of the ordinary.

On Debian based systems the logwatch program sends an email daily of the log report. However this email by default goes to root. If you want to have this sent to your email instead you can do like I do and change your email alias file so that any email sent to root goes to your email instead

Edit Aliases File

sudo gedit /etc/aliases

Change the entry that says

root: root

to the following...changing YOUREMAIL@DOMAIN.COM to your own email address

root: YOUREMAIL@DOMAIN.COM

Comit Your Changes

sudo newaliases

Edit Configuration

Some versions of ubuntu / linux mint will email out the logwatch results every day. But I have come across some that you have to run a crontab and configure logwatch. First open up the configuration.

sudo gedit /usr/share/logwatch/default.conf/logwatch.conf

Modify Entries

When the configuration file loads look in the file for the following entries and change them to the following. Make sure the MailTo and MailFrom entries are valid real address

Output = mail Format = html MailTo = address_that_results@will_be_delivered_to.com MailFrom = email_address_that_results@show_up_as_being_sent_from.com

Add A Cron Job

Now we need to set a cronjob so logwatch runs every day and emails you the results

crontab -e

Add the following in the file and then save and exit the file

0 8 * * * /usr/sbin/logwatch

This will send an email every day at 8am