What is Logwatch?
Logwatch is a customizable log analysis system. It collects the system's logs and creates a well-formatted report, which we can receive by mail from any server based on a Linux distribution. Let us see how to install and configure Logwatch on our VPS server.
My Server Setup:
IP Address : 104.xxx.xxx.8
Hostname : log.unixmenlocal.com
ifconfig | grep inet
hostnamectl
Step 1: Installing Package:
First we have to get the package. Install the Logwatch package using:
sudo apt-get install logwatch -y
During installation we have to choose which type of mail delivery needs to be configured. Continue by choosing OK.
Choose Internet Site and continue using OK.
Choose a system mail name; this is how it will be mentioned in the subject of the mails we receive from Logwatch.
sudo dpkg -l | grep logwatch
Finally, we can see that the package was installed.
Step 2: Make changes to the configuration:
After installation we need to make changes to the conf file:
vim /usr/share/logwatch/default.conf/logwatch.conf
We need to change the following options. Output controls how we get the report; by default it is stdio, so change it to mail. Format controls the format of the mail; by default it is text. MailTo is the email ID where we want to receive the Logwatch information about the server.
Output = mail
Format = html
MailTo = baxxxxxxxxx@live.com
If we need today's logs, we can set Range to Today. By default it is Yesterday, in which case the mail contains the logs from one day back.
Range = Today
After making the changes, save and close the file using wq!
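A check for the Step 2 settings, as an added example that is not part of the original article or of Logwatch itself: it reads a logwatch.conf-style file and reports whether the report will actually be mailed. The function names lw_value and lw_audit, the sample file and admin@example.com are constructed for illustration; the script assumes key names are case-insensitive and that the last assignment of a key wins.

```shell
# Effective value of KEY in FILE: comment lines are skipped, key names are
# matched case-insensitively, the last assignment wins (assumed parsing rules).
lw_value() {
  awk -v key="$2" '
    /^[ \t]*#/ || !/=/ { next }
    {
      eq = index($0, "=")
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k)
      sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
      if (tolower(k) == tolower(key)) val = v
    }
    END { print val }' "$1"
}

# Print findings; status 0 only if Output, Format and MailTo allow a mailed report.
# The body is a subshell: variables stay local and "exit" sets the status.
lw_audit() (
  rc=0
  output=$(lw_value "$1" Output | tr '[:upper:]' '[:lower:]')
  format=$(lw_value "$1" Format | tr '[:upper:]' '[:lower:]')
  mailto=$(lw_value "$1" MailTo)
  range=$(lw_value "$1" Range)
  [ "$output" = mail ] || { echo "FAIL Output='$output': report is not mailed"; rc=1; }
  case $format in
    text|html) ;;
    *) echo "FAIL Format='$format': expected text or html"; rc=1 ;;
  esac
  case $mailto in
    "")  echo "FAIL MailTo is empty"; rc=1 ;;
    *@*) ;;
    *)   echo "WARN MailTo='$mailto' is a local mailbox" ;;
  esac
  [ "$rc" -ne 0 ] || echo "OK $format report, range '$range', mailed to $mailto"
  exit "$rc"
)

# Constructed sample: the Step 2 edits, with a leftover Output line further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed logwatch.conf fragment
Output = mail
Format = html
MailTo = admin@example.com
Range = Today
output = stdout
EOF
lw_audit "$sample" || echo "fix the file before relying on the daily mail"
rm -f "$sample"
```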
Step 3: E-mail Setup to Receive Emails
Then edit the file 00logwatch to add the email address where we want to receive the logs. Logwatch reports will be delivered to the email address below.
vim /etc/cron.daily/00logwatch
Add the following line with the email ID. By default there will be a /usr/sbin/logwatch --mailto line; comment it out using # and add the content below.
/usr/sbin/logwatch --mailto baxxxxxxxxxxx@live.com
/usr/sbin/logwatch --mailto webmaster@unixmen.com
After making the changes, save and exit using wq!
Step 4: Test the Logwatch:
To test Logwatch, simply run the logwatch command:
logwatch
We will receive the report by email. If the email arrives successfully, we have done it. Now let us see how to send the mail every day.
Step 5: Schedule Cron Jobs
If we need to get the logs at a specific time, add a cron job as below. Create a cron job using:
crontab -e
Append the content below, or add your own schedule.
# m h dom mon dow command
0 10 * * * /usr/sbin/logwatch
That's it. We have successfully installed and configured Logwatch. From now on we will receive the Logwatch information, including package modifications, logs and any suspicious log-ins, by mail every day. Hope you now know how to get the log information periodically by mail in text or HTML format using the logwatch package.