What is Logwatch?
Logwatch is a customizable log analysis system. It collects the system's logs and produces a well-formatted report, which can be delivered by mail from a server running any Linux distribution. Let us see how to install and configure Logwatch on our VPS server.
My Server Setup:
IP Address : 104.xxx.xxx.8
Hostname : log.unixmenlocal.com
ifconfig | grep inet
Step 1: Installing Package:
The first step is to get the package. Install the Logwatch package using:
sudo apt-get install logwatch -y
During installation we are asked which type of mail delivery to configure. Continue by choosing OK.
Choose Internet Site and continue with OK.
Choose a system mail name; this is how the server will be mentioned in the subject of the mail we receive from Logwatch.
sudo dpkg -l | grep logwatch
Finally, we can see that the package is installed.
Step 2: Make changes to the configuration:
After installation we need to make changes to the conf file under
We need to change the following options. Output controls how the report is delivered: by default it is stdio; change it to mail. Format sets the format of the mail: by default it is text. Then, in MailTo, provide the email address that should receive the Logwatch information about your server.
Output = mail
Format = html
MailTo = [email protected]
Range = Today
After making the changes, save and close the file using wq!
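A way to confirm the Step 2 settings before waiting for mail, as an added example that is not part of the original article: the script reads any logwatch.conf-style file passed to it and reports settings that would keep the report from being emailed. The function names, the parsing rules (case-insensitive keys, last occurrence wins) and the sample files with admin@example.com are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a logwatch.conf-style file for the Step 2 settings.
# Assumptions: "Key = Value" lines, '#' starts a comment, keys are compared
# case-insensitively, and the last occurrence of a key wins.

# conf_get FILE KEY -> prints the effective value of KEY (empty if unset)
conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($0) ~ ("^[ \t]*" tolower(key) "[ \t]*=") {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            found = val
        }
        END { print found }
    ' "$1"
}

# audit_logwatch_conf FILE -> prints findings, returns the number of problems
audit_logwatch_conf() {
    problems=0
    output=$(conf_get "$1" Output | tr 'A-Z' 'a-z')
    format=$(conf_get "$1" Format | tr 'A-Z' 'a-z')
    mailto=$(conf_get "$1" MailTo)
    if [ "$output" != "mail" ]; then
        echo "Output is '${output:-unset}': the report is not emailed"
        problems=$((problems + 1))
    fi
    case "$format" in
        text|html) ;;
        *) echo "Format is '${format:-unset}': expected text or html"
           problems=$((problems + 1)) ;;
    esac
    case "$mailto" in
        *@*) ;;
        *) echo "MailTo is '${mailto:-unset}': not a full email address"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample files (not taken from a real server)
sample_dir=$(mktemp -d)
printf '%s\n' 'Output = stdout' 'Format = text' > "$sample_dir/default.conf"
printf '%s\n' 'Output = stdout' 'output = mail   # later line wins' \
    'Format = html' 'MailTo = admin@example.com' > "$sample_dir/edited.conf"
for f in default edited; do
    audit_logwatch_conf "$sample_dir/$f.conf" && echo "$f.conf: OK" \
        || echo "$f.conf: needs changes"
done
```

To check a real server, call audit_logwatch_conf with the path of the conf file edited in Step 2.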
Step 3: E-mail Setup to Receive Emails
Then edit the file 00logwatch to add the address where we want to receive the logs. Logwatch reports will be delivered to the email address below.
/usr/sbin/logwatch --mailto [email protected]
/usr/sbin/logwatch --mailto [email protected]
After making the changes, save and exit using wq!
Step 4: Test the Logwatch:
To test Logwatch, simply run the logwatch command:
We will receive an email like the one shown above. If the email arrives successfully, the setup works. Next, let us see how to send the mail every day.
Step 5: Schedule Cron Jobs
If we need to get the log report at a specific time, add a cron job as below. Create a cron job using
Append the content below, or add your own schedule.
# m h dom mon dow command
0 10 * * * /usr/sbin/logwatch
That's it: we have successfully installed and configured Logwatch. From now on we will receive the Logwatch information, including package modifications, logs and any suspicious logins, by mail every day. Hopefully you now know how to get log information periodically by mail, in text or html format, using the logwatch package.