Installing logwatch on Ubuntu

Logwatch is a customizable, pluggable log-monitoring system. It goes through your logs for a given period of time and produces a report covering the areas you choose, at the level of detail you choose. I recommend that anybody with a VPS or better consider installing it (and then actually READ the daily emails) to stay ahead of any potential abuse by malicious scripts and users.

Make sure your server can actually deliver mail to your personal e-mail address, by the way. Otherwise this is useless.

Install:
sudo apt-get update
sudo apt-get install logwatch

Sometimes you need to create the cache dir:
sudo mkdir -p /var/cache/logwatch

Copy the configuration for organizational reasons:
sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Edit the configuration file to your preferences (you can use vim or whatever editor you like):
sudo nano -w /etc/logwatch/conf/logwatch.conf

I suggest the following values:
Output = mail
Format = html
MailTo = whatever@example.com
Detail = Med
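
A quick check that the edited file really carries the values suggested above, as an added example (not part of the original post or of logwatch itself). The function names are this example's own, and it assumes setting names are matched case-insensitively and that the last assignment in the file wins.

```shell
#!/bin/sh
# Added example: audit a logwatch.conf against the values suggested above.
# logwatch_conf_get / logwatch_conf_check are hypothetical helper names.

# Print the last value assigned to KEY ($2) in FILE ($1).
# Lines look like "Key = Value"; lines starting with '#' are comments.
# Assumption: key names are case-insensitive and the last assignment wins.
logwatch_conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(want)) last = v
        }
        END { print last }
    ' "$1"
}

# Return 0 if FILE mails an HTML report to an off-box address;
# otherwise print each problem found and return 1.
logwatch_conf_check() {
    conf="${1:-/etc/logwatch/conf/logwatch.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    rc=0
    out=$(logwatch_conf_get "$conf" Output | tr 'A-Z' 'a-z')
    fmt=$(logwatch_conf_get "$conf" Format | tr 'A-Z' 'a-z')
    to=$(logwatch_conf_get "$conf" MailTo)
    det=$(logwatch_conf_get "$conf" Detail)
    [ "$out" = "mail" ] || { echo "Output is '$out', expected mail"; rc=1; }
    [ "$fmt" = "html" ] || { echo "Format is '$fmt', expected html"; rc=1; }
    [ -n "$det" ] || { echo "Detail is not set"; rc=1; }
    case "$to" in
        *@example.com) echo "MailTo is still the placeholder: $to"; rc=1 ;;
        *@*.*) ;;  # looks like a real external mailbox
        *) echo "MailTo is '$to', so the report stays on the server"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and run logwatch_conf_check with no argument to audit /etc/logwatch/conf/logwatch.conf, or pass another path.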

There are several configuration files per service in the /usr/share/logwatch/default.conf/logfiles/ path.

To enable a service report, copy its file to /etc/logwatch/conf/logfiles/, for example:
sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/

Resources:
For more information: man logwatch
And: https://help.ubuntu.com/community/Logwatch

