Log files tell us what is happening on a server. Logwatch is a management tool that analyzes a server’s log files and reports on them. It can e-mail the system administrator a summary of the log activity.
What are log files? Logs are application-generated files useful for tracking down and understanding what has happened in the past.
Step 1: Install Logwatch
As a matter of best practice we’ll update our packages:
yum -y update
Then let’s install Logwatch and any required packages:
yum -y install logwatch
Step 2: Configuration File Locations
Local Configuration Options can be found in:
Default Configuration Options can be found in:
It is best practice to leave the Default Configuration as is, and edit the Local Configuration option, which is under /etc as listed above.
Step 3: Configuring Logwatch
- The e-mail address to which daily digest (reports) should be sent:
MailTo = root
Replace root with the required email address.
Example: MailTo = email@example.com
- The e-mail address from which reports originate:
MailFrom = Logwatch
You may wish to replace Logwatch with your own address as well.
Example: MailFrom = firstname.lastname@example.org
- Setting the range for the reports:
Range = yesterday
You can receive reports for All (everything available since the beginning), Today (just today) or Yesterday (just yesterday).
Example: Range = Today
- Setting the reports’ detail:
Detail = Low
You can modify the reports’ detail here. Options are: Low, Medium and High.
Example: Detail = Medium
- Setting services (applications) to be analysed:
By default, Logwatch covers a really wide range of services. If you would like to see a full list, you can query the contents of the file scripts/services located at /usr/share/logwatch/.
Example: ls -l /usr/share/logwatch/scripts/services
Service = All
You can choose to receive reports for all services or some specific ones.
For all services, keep the line as: Service = All
If you wish to receive reports for specific services only, modify it as in the following example, listing each service on a new line (e.g. Service = [name]).
Service = sendmail
Service = http
Service = identd
Service = sshd2
Service = sudo
..
- Disabling daily reports:
#DailyReport = No
If you do not wish to have daily reports generated, you should uncomment this line.
Example: DailyReport = No instead of # DailyReport = No
That’s all. You will now receive daily reports based on your server’s log files automatically.
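The Step 3 edits can be scripted so they are repeatable across servers. The following is an added example, not part of the original article or of Logwatch itself: the function names set_opt, set_services and get_opt are hypothetical, and the path of the local configuration file is passed in by the caller.

```sh
#!/bin/sh
# Added example: repeatable edits to a Logwatch local configuration file.
# FILE is supplied by the caller; nothing here assumes where it lives.

# set_opt FILE KEY VALUE
# For single-valued options (MailTo, MailFrom, Range, Detail, DailyReport).
# The first existing line for KEY, commented out or not, is rewritten in
# place; further lines for KEY are dropped; a missing KEY is appended.
set_opt() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { pat = "^[ \t]*#?[ \t]*" tolower(k) "[ \t]*=" }
        tolower($0) ~ pat { if (!seen) print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# set_services FILE NAME...
# Service may appear many times, so replace the whole set: drop every active
# Service line, then write one "Service = NAME" line per argument.
set_services() {
    file=$1; shift
    tmp=$(mktemp) || return 1
    grep -viE '^[[:space:]]*service[[:space:]]*=' "$file" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    for svc in "$@"; do
        printf 'Service = %s\n' "$svc" >> "$tmp"
    done
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_opt FILE KEY: print the value of every active (uncommented) KEY line.
get_opt() {
    awk -v k="$2" '
        BEGIN { pat = "^[ \t]*" tolower(k) "[ \t]*=[ \t]*" }
        tolower($0) ~ pat { sub(/^[^=]*=[ \t]*/, ""); print }
    ' "$1"
}
```

Running set_opt twice with the same arguments leaves a single line for that key, so the script is safe to re-run from configuration management.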