Introduction
Logwatch is a simple log analysis tool available in the package repositories of most Linux distributions. A daily cron job (installed under /etc/cron.daily/) parses the system logs and mails a summary to the local root user or to a configured destination address.
Requirements
- Red Hat Enterprise Linux (RHEL) or a Debian-based distribution (CentOS, Fedora, Ubuntu, etc.).
Install Logwatch
Logwatch, if not already available, can be installed on CentOS or RHEL using YUM.
yum -y install logwatch
Install on Ubuntu or Debian with apt-get.
apt-get -y install logwatch
Note: Logwatch requires a functional mail system to deliver the log summary. The package management system will typically handle this dependency, but additional configuration may be necessary if the host is unable to send email.
Configure Logwatch
By default the report is delivered to the local root user. To send it to another address, create the file /etc/logwatch/conf/logwatch.conf and add the following line; settings in this file override the distribution defaults. Keep in mind that the report contains account names, source IP addresses and authentication failures, so the destination mailbox should be treated as sensitive.
MailTo = [email protected]
By default the summary is plain text. To receive it as HTML instead, set Format in the same logwatch.conf file.
Format = html
The sender address, which defaults to Logwatch, can be changed to another local user or email address with MailFrom.
MailFrom = [email protected]
The summary covers a set of services; the available service scripts, and therefore the valid service names, are the files in the /usr/share/logwatch/scripts/services/ directory. With Service set to All, every service with matching logs is reported. An individual service is excluded by adding a second Service line whose value is the service name with a hyphen prepended.
Service = All
Service = "-ftpd-xferlog"
All can also be replaced by a specific service name to analyze only that service's logs.
The full set of options that can be overridden in logwatch.conf, with explanatory comments, is in the default global configuration file. Do not edit that file directly, since package updates replace it; put changes in /etc/logwatch/conf/logwatch.conf instead.
/usr/share/logwatch/default.conf/logwatch.conf
The logwatch command can also be run manually with a variety of options for testing. The following run mails an HTML report for the secure service only; add --output stdout to print the report to the terminal instead of mailing it, and --range and --detail to change the time window and verbosity.
/usr/sbin/logwatch --mailto [email protected] --format html --service secure
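The configuration steps above, as an added example that is not part of the original article: a shell script that writes the override file, reads settings back out of it, and checks that every name used in a Service line has a matching script in the service scripts directory (a misspelled exclusion would otherwise exclude nothing). The example addresses, the fake service-script directory used when testing, and the LOGWATCH_DEMO switch are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): manage a Logwatch override
# file and sanity-check it. Addresses and the demo paths are illustrative.
set -eu

# Write DIR/logwatch.conf with MailTo, MailFrom, Format, "Service = All" and
# one "Service = \"-name\"" exclusion per extra argument.
write_logwatch_conf() {
  dir="$1"; mailto="$2"; mailfrom="$3"; format="$4"; shift 4
  mkdir -p "$dir"
  {
    echo "# Local overrides; defaults live in /usr/share/logwatch/default.conf/logwatch.conf"
    echo "MailTo = $mailto"
    echo "MailFrom = $mailfrom"
    echo "Format = $format"
    echo "Service = All"
    for svc in "$@"; do
      echo "Service = \"-$svc\""
    done
  } > "$dir/logwatch.conf"
}

# Print the value of KEY in FILE, ignoring comments and blank lines.
# If the key is assigned more than once, the last assignment is printed.
get_conf_value() {
  awk -F'=' -v key="$2" '
    /^[[:space:]]*(#|$)/ { next }
    {
      k = $1; gsub(/[[:space:]]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
        val = v
      }
    }
    END { print val }' "$1"
}

# Print the service names excluded with a leading hyphen, one per line.
list_excluded_services() {
  awk '
    /^[[:space:]]*Service[[:space:]]*=/ {
      v = substr($0, index($0, "=") + 1)
      gsub(/[[:space:]"]/, "", v)
      if (substr(v, 1, 1) == "-") print substr(v, 2)
    }' "$1"
}

# Verify every Service name in CONF (other than All) has a script in
# SCRIPTS_DIR, normally /usr/share/logwatch/scripts/services. Lists unknown
# names on stderr and returns non-zero if any are missing.
check_services() {
  scripts_dir="$1"; conf="$2"; missing=0
  for svc in $(awk '
      /^[[:space:]]*Service[[:space:]]*=/ {
        v = substr($0, index($0, "=") + 1)
        gsub(/[[:space:]"]/, "", v); sub(/^-/, "", v)
        if (v != "All") print v
      }' "$conf"); do
    if [ ! -e "$scripts_dir/$svc" ]; then
      echo "unknown service: $svc" >&2
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Stand-alone demo against the real paths: run as root with LOGWATCH_DEMO=1.
# --output stdout prints the report instead of mailing it.
if [ "${LOGWATCH_DEMO:-}" = "1" ]; then
  write_logwatch_conf /etc/logwatch/conf admin@example.com logwatch@example.com html ftpd-xferlog
  check_services /usr/share/logwatch/scripts/services /etc/logwatch/conf/logwatch.conf
  /usr/sbin/logwatch --output stdout --format html --service secure --range today
fi
```

Run check_services after every edit to the override file; it is cheap, and it catches the case where an exclusion refers to a service script that the installed Logwatch version does not ship.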