Monitor System Logs With Logwatch

By | 2008/11/13

I mentioned in a recent post regarding postfix smtp via Gmail that I use the logwatch utility for monitoring my systems.  Ever since I found this utility I have really enjoyed the daily snapshot that it gives me of each of my systems, whether local or remote.  Everything from package installed and removed, to security notifications regarding unsuccessful login attempts.  Here’s how to install and configure Logwatch.

Install The Package

sudo aptitude install logwatch

Configuration

The default configuration can be found in /usr/share/logwatch/default.conf/logwatch.conf.  Take a look around the file, but the main thing you might want to update:

MailTo = root updates to MailTo = user.name@domain.tld

I have my systems email me daily at my gmail address, so each morning I get an overview of the previous days logs.

If you have problems with the mail actually getting out you might want to check out my post regarding Postfix smtp via Gmail.

3 thoughts on “Monitor System Logs With Logwatch

  1. Jason

    Any flavour/version of logwatch available that doesn’t require Postfix? Or similiar application that doesn’t? It’s dependancy seems a large overkill just to send an email once a day.

    Reply
  2. Juanjo

    logwatch is very useful.

    At work we use CentOS and logwatch is installed an configured by default with httpd log analysis, pan_unix (mainly sshd logs), sshd, sendmail, xntpd, and disk usage.

    Jason: you can use http://msmtp.sourceforge.net/ and tell cron to use it instead of default sendmail (postfix), and there’s no need to have a full working MTA in order to benefit from logwatch.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *