All applications on Linux create log files to keep track of their activities. A good log file should be as detailed as possible in order to help the administrator, who is responsible for maintaining the system, find the exact information needed for a certain purpose. This is where Logwatch comes in, a perfect application for this job.
To install Logwatch using YUM, run the following:
# yum install -y logwatch
To install Logwatch on Ubuntu, run the following:
# sudo apt-get install -y logwatch
The default configuration file for Logwatch on Linux (Ubuntu/CentOS) is located at:
Let us open up this file in order to modify the variables:
# sudo vim /usr/share/logwatch/default.conf/logwatch.conf
In order to begin using Logwatch, we will need to make a few changes to these variables. The important options which we need to set are:
MailTo = root
Replace root with your email address:
MailTo = firstname.lastname@example.org
Range = yesterday
You can choose to receive reports for All (everything available since the beginning), Today (just today) or Yesterday (just yesterday).
Detail = Low
You can modify the report detail level here. Options are: Low, Medium and High.
By default, Logwatch covers a wide range of services and applications. If you would like to see the full list, run the following:
ls -l /usr/share/logwatch/scripts/services
You can choose to receive reports for all services or some specific ones.
To receive reports for all services, keep the line as:
Service = All
If you want to disable specific services, list each one after the "Service = All" line:
Service = "-http"
Service = "-cron"
Service = "-dpkg"
Service = "-postfix"
If you wish to receive reports only for specific services, modify it similar to the following example, listing each service on a new line:
Service = sendmail
Service = http
Service = identd
Service = sshd2
Service = sudo
To run Logwatch manually from the command line whenever you need it (any option you do not specify is read from the configuration file):
logwatch --range today --print --mailto email@example.com
logwatch --service sshd --print
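As an added example (not part of the original article or of Logwatch itself), the shell function below summarises the MailTo, Range, Detail and Service settings discussed above and flags values that differ from what the article describes. The parsing rules are simplified assumptions, the sample configuration is constructed, and check_logwatch_conf and sample_conf are hypothetical names.

```shell
#!/bin/sh
# Added example (not Logwatch code): summarise the settings edited above.
# Assumed, simplified parsing: "key = value" lines, '#' comment lines,
# optional double quotes, and the last MailTo/Range/Detail value wins.

check_logwatch_conf() {   # $1 = path to a logwatch.conf-style file (default: stdin)
    awk '
    /^[ \t]*#/ || !/=/ { next }                  # skip comments and non-settings
    {
        eq  = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)     # trim blanks and quotes
        if (key == "service") {
            v = tolower(val)
            if (v == "all") all = 1
            else if (substr(v, 1, 1) == "-") excl = excl (excl == "" ? "" : ",") substr(v, 2)
            else incl = incl (incl == "" ? "" : ",") v
        } else if (key == "mailto" || key == "range" || key == "detail")
            set[key] = val
    }
    END {
        printf "mailto=%s\nrange=%s\ndetail=%s\n", set["mailto"], set["range"], set["detail"]
        if (all) printf "services=all%s\n", (excl == "" ? "" : " except " excl)
        else     printf "services=%s\n", (incl == "" ? "none" : incl)
        if (set["mailto"] == "root") { print "warn: MailTo is still root"; bad = 1 }
        if (tolower(set["range"]) !~ /^(all|today|yesterday)$/) {
            print "warn: Range is not All, Today or Yesterday"; bad = 1 }
        if (tolower(set["detail"]) !~ /^(low|medium|high)$/) {
            print "warn: Detail is not Low, Medium or High"; bad = 1 }
        if (!all && excl != "") {
            print "warn: exclusions listed without Service = All"; bad = 1 }
        exit bad + 0                              # non-zero when anything was flagged
    }' "${1:--}"
}

# Constructed sample in the article's format (not a real system's file).
sample_conf() {
    cat <<'EOF'
# constructed sample
MailTo = root
Range = yesterday
Detail = Low
Service = All
Service= "-http"
Service= "-cron"
EOF
}

sample_conf | check_logwatch_conf || echo "review the settings flagged above"
```

To check a real file, pass its path as the first argument, for example the configuration file opened earlier in this article.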