Logwatch in Debian Linux.

Nov 16, 2010 | Linux, Server administration, Technology | 0 comments

Installing Logwatch is very straight forward and it’s definitly worth taking a few minutes to do it. The format that it can send your system logs to you in is so nice and easy to read you’ll wonder how you ever kept track of your server without it.

I like logs to be mailed to me every morning. These are the steps you need to take to get a similar report:

  1. Firstly run the following command to install Logwatch. I’m assuming you already have postfix and sendmail installed.

    apt-get install logwatch

  2. The config file you need to edit is located at:

    /usr/share/logwatch/default.conf/logwatch.conf

  3. I’d suggest replacing the following entries as follows:

    Line 35
    Output = mail
    Line 37
    Format = html
    Line 44
    MailTo = name@mydomain.com
    Line 45
    MailFrom = logwatch@mydomain.com
    Line 67
    Archives = No
    Line 70
    Range = yesterday
    Line 77
    Detail = Med

  4. Test your logwatch configuration by running logwatch on the command line.
  5. Create a new cron job to run this at 5:45AM every day. This is the time I generally get reports sent out. Backup jobs, Windows and Linux security and Logwatch reports are sent out during 5:30AM and 6AM so that things are spaced out.

    crontab -e
    45 5 * * * /usr/sbin/logwatch

That’s all there is too it.

Update on 27th January 2012

Logwatch in some versions of Debian is slightly broken if you choose to format messages using HTML. To get around this you will need to download the package from source and install it. The instructions to do this are outlined below.

  1. Create a temporary directory to save the files to:

    mkdir /tmp/logwatch
    cd /tmp/logwatch

  2. Download the package from sourceforge by using the following command.

    wget http://ignum.dl.sourceforge.net/project/logwatch/logwatch-7.4.0/logwatch-7.4.0.tar.gz

  3. Unpack the archive that you downloaded in step 2.

    tar xzvf logwatch*

  4. cd to this directory.

    cd logwatch

    means that if you press the tab key on your keyboard the name of the directory / file will be automatically completed for you. When using the console this saves a lot of time.
  5. Make the install file executable.

    chmod 777 install

  6. Run the install script.

    ./install

  7. Answer all questions with the defaults by pressing the enter key.
  8. The config is now to be created in /etc/logwatch/logwatch.conf
  9. Use the lines above to specify what you want to configure.

alternatively, run the following command replacing it with your own Email address of course. This runs logwatch and does not read from a configuration file.

logwatch –output mail –format html –mailto joe.bloggs@MadeUpCompany.com –archives no –range Yesterday –debug Med

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.