Nov 13
Monitor System Logs With Logwatch
Filed Under Server
I mentioned in a recent post regarding Postfix SMTP via Gmail that I use the logwatch utility to monitor my systems. Ever since I found this utility I have really enjoyed the daily snapshot that it gives me of each of my systems, whether local or remote: everything from packages installed and removed to security notifications about unsuccessful login attempts. Here’s how to install and configure Logwatch.
Install The Package
sudo aptitude install logwatch
Configuration
The default configuration can be found in /usr/share/logwatch/default.conf/logwatch.conf. Take a look around the file, but the main thing you might want to update:
MailTo = root
updates to
MailTo = user.name@domain.tld
I have my systems email me daily at my Gmail address, so each morning I get an overview of the previous day’s logs.
If you have problems with the mail actually getting out you might want to check out my post regarding Postfix smtp via Gmail.
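An added example, not from the original post: a shell helper that sets MailTo in a local override file instead of the packaged default under /usr/share, which a package upgrade can replace. The override path /etc/logwatch/conf/logwatch.conf and the function names set_mailto and get_mailto are assumptions of this example, and the demo runs against a constructed temporary file.

```shell
#!/bin/sh
# Added example (not the post's own code).
# Assumption: local overrides go in /etc/logwatch/conf/logwatch.conf.

# set_mailto FILE ADDRESS: leave exactly one "MailTo = ADDRESS" line in FILE.
set_mailto() {
    conf=$1
    addr=$2
    # Accept a single local user or user@domain only, so shell or config
    # metacharacters never reach the file (one recipient is this example's limit).
    case $addr in
        ''|*[!A-Za-z0-9._@+-]*) echo "refusing address: $addr" >&2; return 1 ;;
    esac
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp) || return 1
    # Keep every line except existing MailTo assignments (any case, leading blanks).
    awk 'tolower($0) !~ /^[ \t]*mailto[ \t]*=/' "$conf" > "$tmp"
    printf 'MailTo = %s\n' "$addr" >> "$tmp"
    # Write back through the original file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# get_mailto FILE: print the MailTo value found in FILE (empty line if none).
get_mailto() {
    awk 'tolower($0) ~ /^[ \t]*mailto[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); v = $0 }
         END { print v }' "$1"
}

# Demo on a constructed file so the real /etc/logwatch tree is untouched.
demo=$(mktemp)
printf 'Detail = Low\nMailTo = root\n' > "$demo"
set_mailto "$demo" "user.name@domain.tld" && cat "$demo"
rm -f "$demo"
```

On a real system the first argument would be the override file, and the call needs root.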
Comments
3 Responses to “Monitor System Logs With Logwatch”
Any flavour/version of logwatch available that doesn’t require Postfix? Or similar application that doesn’t? Its dependency seems a large overkill just to send an email once a day.
Jason, try ssmtp
logwatch is very useful.
At work we use CentOS and logwatch is installed and configured by default with httpd log analysis, pam_unix (mainly sshd logs), sshd, sendmail, xntpd, and disk usage.
Jason: you can use http://msmtp.sourceforge.net/ and tell cron to use it instead of default sendmail (postfix), and there’s no need to have a full working MTA in order to benefit from logwatch.