Install Logwatch and Log analyzer – Linux

Hi all,

Log files are the record of what is happening on a server. Logwatch is a tool that parses a server's log files and produces a summary report, which it can mail to the system administrator on a schedule (by default, once a day). This post covers installing it and configuring that daily digest.

What are log files? Logs are files written by the system and by applications as they run; they are the first thing you consult when tracking down a problem or reconstructing what happened on a host after the fact.

Step 1: Install Logwatch
As a matter of best practice we’ll update our packages:
yum -y update
Then let’s install Logwatch and any required packages:
yum -y install logwatch
Step 2: Configuration File Locations
Local Configuration Options can be found in:
/etc/logwatch/conf/logwatch.conf
Default Configuration Options can be found in:
/usr/share/logwatch/default.conf/logwatch.conf
It is best practice to leave the Default Configuration as is and edit the Local Configuration file under /etc listed above: the default file belongs to the package and is replaced on upgrade, while any option set in the local file overrides the same option in the default file.
Step 3: Configuring Logwatch
Open /etc/logwatch/conf/logwatch.conf and set the options below. Only the options you want to change from the defaults need to appear in this file.
  1. The e-mail address to which daily digest (reports) should be sent:
    MailTo = root
    Replace root with your email address required.
    Example: MailTo = admin@nixlinux.com
  2. The e-mail address from which reports originate:
    MailFrom = Logwatch
    You might wish to replace Logwatch with your own again.
    Example: MailFrom = admin@nixlinux.com
  3. Setting the range for the reports:
    Range = yesterday
    You have the options All (everything available since the beginning of the logs), Today (just today) or Yesterday (just yesterday). A window can also be given in the form Range = between -7 days and -1 days.
    Example: Range = Today
  4. Setting the reports' detail:
    Detail = Low
    You can modify the reports' detail here. The options are Low, Med and High (the configuration file spells the middle level Med, not Medium); a number from 0 to 10 is also accepted, where Low is 0, Med is 5 and High is 10.
    Example: Detail = Med
  5. Setting services (applications) to be analysed:
    By default, Logwatch covers a really wide range of services. If you would like to see the full list, look at the directory scripts/services under /usr/share/logwatch/; each file there is one service, and its file name is the name you use on a Service line.
    Example: ls -l /usr/share/logwatch/scripts/services
    Service = All
    You can choose to receive reports for all services or only for specific ones.
    For all services, keep the line as: Service = All
    If you wish to receive reports for specific ones, list each service on its own line (Service = [name]), as in the following example.
    Example:
    Service = sendmail
    Service = http
    Service = identd
    Service = sshd2
    Service = sudo
    ..
    To keep Service = All but drop a noisy section, add a line naming the service with a leading minus sign, for example Service = "-zz-network".
  6. Disabling daily reports:
    #DailyReport = No
    If you do not wish to have daily reports generated, you should uncomment this line.
    Example: DailyReport = No instead of # DailyReport = No
    The daily run itself is driven by the cron job the package installs as /etc/cron.daily/0logwatch; removing or disabling that script is the sure way to stop the nightly mail. Running logwatch by hand with --print (for example logwatch --print --range today --detail High --service sshd) shows the report on the terminal, so you can check the configuration without waiting a day.
    That's all. You will now receive daily reports based on your server's log files automatically.
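The following script ties Steps 2 and 3 together: it writes the local override file, checks that every service named in it really has a script under scripts/services (a mistyped name such as ssh instead of sshd is otherwise only noticed when the report arrives), and previews the report on stdout instead of mailing it. This is an added example, not code from the original post or from the Logwatch project; it assumes the RHEL/CentOS paths the post lists, uses the post's placeholder address admin@nixlinux.com, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): build the local Logwatch
# override file, sanity-check it, and preview a report before the nightly
# cron job mails it. Paths follow the RHEL/CentOS layout the post describes;
# the recipient address is the post's placeholder; function names are ours.

DEFAULT_CONF=/usr/share/logwatch/default.conf/logwatch.conf
LOCAL_CONF=/etc/logwatch/conf/logwatch.conf
SERVICE_DIR=/usr/share/logwatch/scripts/services

# write_logwatch_conf DEST MAILTO RANGE DETAIL SERVICE...
# Writes only the keys that should differ from the defaults, one Service
# line per entry. A name starting with '-' excludes that service from
# "All", and is quoted the way the default config documents it.
write_logwatch_conf() {
    dest=$1 mailto=$2 range=$3 detail=$4
    shift 4
    {
        echo "# Local overrides; everything else comes from $DEFAULT_CONF"
        echo "MailTo = $mailto"
        echo "MailFrom = Logwatch"
        echo "Range = $range"
        echo "Detail = $detail"
        for svc in "$@"; do
            case $svc in
                -*) echo "Service = \"$svc\"" ;;
                *)  echo "Service = $svc" ;;
            esac
        done
    } > "$dest"
}

# conf_value FILE KEY: print the value set by "KEY = value", skipping
# comment lines; the last occurrence wins.
conf_value() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# count_services FILE: how many Service lines the file sets.
count_services() {
    grep -c '^[[:space:]]*Service[[:space:]]*=' "$1"
}

# check_services SCRIPTDIR NAME...: fail unless every named service (the
# value All and a leading '-' aside) has a script in SCRIPTDIR. This catches
# a mistyped service name before the cron job runs with it.
check_services() {
    dir=$1; shift
    rc=0
    for svc in "$@"; do
        name=${svc#-}
        [ "$name" = All ] && continue
        if [ ! -f "$dir/$name" ]; then
            echo "no service script for '$name' in $dir" >&2
            rc=1
        fi
    done
    return $rc
}

# preview_report SERVICE: run Logwatch once for today at full detail and
# print the report to stdout instead of mailing it.
preview_report() {
    logwatch --print --range today --detail High --service "$1"
}

# Usage on a real host, as root:
#   write_logwatch_conf "$LOCAL_CONF" admin@nixlinux.com yesterday Med sshd sudo -zz-network
#   check_services "$SERVICE_DIR" sshd sudo -zz-network && preview_report sshd
```

Write the override file once, run check_services against the real scripts/services directory, then preview_report for one service you know produced log lines today (sshd on any host you have logged in to) to confirm the digest contains what you expect before relying on the nightly mail.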
