Installing and configuring Logwatch

In this article I will give an example of installing Logwatch.
Installation on Ubuntu/Debian:

sudo apt-get install logwatch

Installation on CentOS:

sudo yum install logwatch

To find out where its files were installed, search the system for logwatch. For example, run from the root directory (/):

find -name "logwatch"
./usr/share/logwatch
./usr/share/doc/logwatch
./usr/sbin/logwatch
./etc/logwatch

Create the directory that Logwatch needs for its work:

sudo mkdir /var/cache/logwatch
sudo chown www-data:www-data /var/cache/logwatch

Copy and edit the configuration file:

sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
sudo nano /etc/logwatch/conf/logwatch.conf

In the nano text editor, press Ctrl+X to exit, then y to save the changes or n to discard them.
In the configuration file, you can make the report more detailed by setting Detail = High.
To exclude a specific service from the report, set Service = "-name".
The Format parameter sets the report format: text or html.

You can also copy and configure other configuration files, for example:

sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/

Logwatch runs automatically every day because its script is placed in the cron scheduler directory /etc/cron.daily/.

To check that Logwatch works, run the command below, which prints the report:

sudo logwatch

Or run the task that was added to cron, after which the report will be sent by email:

sudo /etc/cron.daily/00logwatch

To remove logwatch in Ubuntu/Debian, run:

sudo apt-get remove logwatch

To remove logwatch on CentOS:

sudo yum remove logwatch

To run logwatch once a week instead, set the Range parameter in the configuration as shown in the first line below, then move the cron script with the command in the second line:

Range = between -7 days and -1 days
sudo mv /etc/cron.daily/00logwatch /etc/cron.weekly/
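
As an added example (not part of the original article), the shell functions below read back the settings made in the steps above and flag an invalid Detail or Format value, or a 00logwatch script left in both cron.daily and cron.weekly. The function names are made up for this example, and the parser assumes the "Key = Value" lines with "#" comments used in the shipped logwatch.conf.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check Logwatch settings.
# Assumes "Key = Value" lines and "#" comments, as in the shipped logwatch.conf.

# lw_values FILE KEY: print every value assigned to KEY, one per line, in order.
lw_values() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                              # drop comments
        /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$|"/, "", v)
            if (tolower(k) == tolower(key)) print v     # keys compared case-insensitively
        }' "$1"
}

# lw_get FILE KEY: effective value of a single-valued setting (last assignment wins).
lw_get() { lw_values "$1" "$2" | tail -n 1; }

# lw_check CONF [ETC]: non-zero if Detail/Format are invalid or the cron script
# sits in both cron.daily and cron.weekly (it would then run on both schedules).
lw_check() {
    conf=$1; etc=${2:-/etc}; rc=0
    case $(lw_get "$conf" Detail | tr 'A-Z' 'a-z') in
        low|med|high) ;;
        ''|*[!0-9]*) echo "Detail: expected Low, Med, High or a number" >&2; rc=1 ;;
    esac
    case $(lw_get "$conf" Format | tr 'A-Z' 'a-z') in
        text|html) ;;
        *) echo "Format: expected text or html" >&2; rc=1 ;;
    esac
    if [ -e "$etc/cron.daily/00logwatch" ] && [ -e "$etc/cron.weekly/00logwatch" ]; then
        echo "00logwatch is in both cron.daily and cron.weekly" >&2; rc=1
    fi
    return "$rc"
}

# Demo on a constructed config (sample values, not taken from a real host).
lw_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'Detail = High' 'Format = html' 'Service = All' \
        'Service = "-zz-network"   # sample excluded service' \
        'Range = between -7 days and -1 days' > "$tmp/logwatch.conf"
    lw_check "$tmp/logwatch.conf" "$tmp" && lw_get "$tmp/logwatch.conf" Range
    rm -rf "$tmp"
}
lw_demo
```

On a real host, run lw_check /etc/logwatch/conf/logwatch.conf after editing; lw_values /etc/logwatch/conf/logwatch.conf Service lists the Service lines in the order they were set.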
