Installing And Configuring Logwatch In Ubuntu 14.04

What is Logwatch?

Logwatch is a customizable log analysis system. It collects the system's logs and produces a well-formatted report, which we can receive by mail from any Linux distribution based server. Let us see how to install and configure Logwatch on our VPS server.

My Server Setup:

IP Address   :   104.xxx.xxx.8
Hostname    :   log.unixmenlocal.com
ifconfig | grep inet
hostnamectl


Step 1: Installing Package:

As the first step we have to get the package. Let us install the Logwatch package using

sudo apt-get install logwatch -y


During installation we have to choose which type of mail delivery needs to be configured. Continue by choosing OK.


Choose Internet Site and continue using OK.


Choose a system mail name, which is how the server will be mentioned in the subject of the mails we receive from logwatch.


sudo dpkg -l | grep logwatch

Finally, we can see that the package was installed.

Step 2: Make changes to the configuration:

After installation we need to make changes to the conf file at

vim /usr/share/logwatch/default.conf/logwatch.conf


We need to change the following options. Output sets how we get the report; by default it will be stdio, so change it to mail. Format sets the format we get in the mail; by default it will be text. Then provide the email ID where we need to get the logwatch information about the server.

 Output = mail
 Format = html
 MailTo = [email protected]

If we need to get today's logs we can set Range to Today. By default it will be Yesterday, and with that range the mail contains the logs from one day back.

Range = Today

After making the changes, save and close the file using :wq!
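
To confirm the settings from Step 2 before waiting for the first mail, the shell functions below print the effective Output, Format, MailTo and Range values and warn if the report would not be mailed. This is an added example, not part of the original tutorial: the function names are hypothetical, and the last-assignment-wins, case-insensitive key handling is an assumption about how logwatch reads its configuration files.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# conf_value KEY FILE... : print the effective value of KEY.
# Files are read in the order given and the last assignment wins; key
# names are compared case-insensitively (assumption, see lead-in).
conf_value() {
    key=$1; shift
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; echo; fi   # unreadable files are skipped
    done | awk -v key="$key" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                     # not a "key = value" line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)        # trim both sides
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }'
}

# check_logwatch FILE... : return 0 only if Output is "mail" (as written in
# Step 2) and MailTo holds an address with a domain part.
check_logwatch() {
    output=$(conf_value Output "$@")
    mailto=$(conf_value MailTo "$@")
    echo "Output=$output Format=$(conf_value Format "$@")" \
         "MailTo=$mailto Range=$(conf_value Range "$@")"
    rc=0
    if [ "$output" != mail ]; then
        echo "WARN: Output is '$output', report is not mailed" >&2; rc=1
    fi
    case $mailto in
        *@*.*) ;;
        *) echo "WARN: MailTo '$mailto' is not a full address" >&2; rc=1 ;;
    esac
    return $rc
}

# Run against the files named on the command line, if any.
if [ $# -gt 0 ]; then check_logwatch "$@"; fi
```

Saved under a name of your choice, it is run with the configuration file from Step 2 as its argument; a non-zero exit status means one of the warnings fired.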

Step 3: E-mail Setup to Receive Emails

Then edit the file 00logwatch to append the mail address where we need to get the logs. The Logwatch reports will be delivered to the email address below.

vim /etc/cron.daily/00logwatch

Add the following line with the email ID. By default there will be a /usr/sbin/logwatch --mailto line; comment it out using # and add the content below.

/usr/sbin/logwatch --mailto baxxxxxxxxx[email protected]
/usr/sbin/logwatch --mailto [email protected]


After making the changes, save and exit using :wq!

Step 4: Test the Logwatch:

To test Logwatch, simply run the logwatch command:

logwatch


We will get the report by e-mail. If we get the e-mail successfully, we have done it. Now let us see how to send the mail every day.

Step 5: Schedule Cron Jobs

If we need to get the log at a specific time, add a cron job as below. Create the cron job using

crontab -e

Append the content below or add your own schedule.

# m h dom mon dow command
0 10 * * * /usr/sbin/logwatch


That's it, we are done: we have successfully installed and configured logwatch. From now on we will get the Logwatch information by mail every day, including package modifications, logs and any suspicious log-ins. Hope you now know how to get the log information periodically through mail in text or html format using the logwatch package.