In this article I will give an example of installing Logwatch.
Installation command in Ubuntu/Debian:
sudo apt-get install logwatch
Installation on CentOS:
sudo yum install logwatch
You can search for logwatch on the system to find out where its files were installed, for example:
find -name "logwatch"
./usr/share/logwatch
./usr/share/doc/logwatch
./usr/sbin/logwatch
./etc/logwatch
Create the directory that Logwatch needs for its work:
sudo mkdir /var/cache/logwatch
sudo chown www-data:www-data /var/cache/logwatch
Copy and edit the configuration file:
sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
sudo nano /etc/logwatch/conf/logwatch.conf
In the nano text editor, press Ctrl+X to exit, then y to save the changes or n to discard them.
In the configuration file, you can increase the level of detail to receive more information by specifying Detail = High.
To disable information about a specific service, set Service = "-name".
The Format parameter sets the report format: text or html.
You can also copy and configure other configuration files, for example:
sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/
Logwatch runs automatically every day because its task is added to the cron scheduler directory /etc/cron.daily/.
To check the operation of Logwatch, you can run a command that displays the report:
sudo logwatch
Or run the task that was added to cron, after which the report will be sent by email:
sudo /etc/cron.daily/00logwatch
To remove logwatch in Ubuntu/Debian, run:
sudo apt-get remove logwatch
To remove logwatch on CentOS:
sudo yum remove logwatch
To run logwatch once a week, set the Range parameter in the configuration as shown below, then move the cron task file with the second command:
Range = between -7 days and -1 days
sudo mv /etc/cron.daily/00logwatch /etc/cron.weekly/
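A check for the weekly setup above, as an added example that is not part of the original article: it compares the effective Range setting with the cron directory that holds 00logwatch, because a weekly run left at Range = yesterday would report only one day of logs. The function names and their parameters are hypothetical, and the parsing assumes that the last uncommented assignment of a setting wins.

```shell
#!/bin/sh
# Added example (not from the article): does Logwatch's Range match its cron schedule?

# Print the effective value of a "Name = value" setting in a Logwatch config file.
# Assumption: when a setting appears more than once, the last uncommented line wins.
logwatch_setting() {   # $1 = setting name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print daily, weekly or none, depending on where the 00logwatch task is.
logwatch_cron_period() {   # $1 = directory that holds cron.daily and cron.weekly
    if [ -e "$1/cron.weekly/00logwatch" ]; then echo weekly
    elif [ -e "$1/cron.daily/00logwatch" ]; then echo daily
    else echo none
    fi
}

# Exit status: 0 = Range fits the schedule, 1 = mismatch, 2 = no cron task found.
logwatch_schedule_check() {   # $1 = config file, $2 = cron root (hypothetical parameters)
    conf=${1:-/etc/logwatch/conf/logwatch.conf}
    etc=${2:-/etc}
    range=$(logwatch_setting Range "$conf" | tr '[:upper:]' '[:lower:]')
    range=${range:-yesterday}   # Logwatch's default when Range is not set
    period=$(logwatch_cron_period "$etc")
    case "$period:$range" in
        none:*)
            echo "no 00logwatch task in $etc/cron.daily or $etc/cron.weekly"; return 2 ;;
        daily:yesterday|weekly:"between -7 days and -1 days")
            echo "ok: $period run, Range = $range"; return 0 ;;
        *)
            echo "mismatch: $period run but Range = $range"; return 1 ;;
    esac
}

# Run against the article's paths when the configuration exists on this host.
if [ -r /etc/logwatch/conf/logwatch.conf ]; then
    logwatch_schedule_check || true
fi
```

A mismatch result after moving the cron file means the Range line in /etc/logwatch/conf/logwatch.conf still needs to be changed.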