Logwatch parses through the system’s logs and creates a detailed report.
apt-get install logwatch
To see a default report of all the configured logfiles, just execute:
In order to specify a more detailed report for a specific group of logfiles:
logwatch --logfile maillog --detail 10
The --logfile flag does not point to a specific logfile (as you might assume from the name), but instead names a group of files. The groups are defined in
With the --detail flag you can change the amount of information included in the report. Common settings are
For example, with the maillog report the detail level of 10 will show all information, but a level of 5 will not show the list of all blocked spam messages. It will show the list of successful logins, which the level of 0 doesn’t do.
logwatch will generate a report for yesterday, but with the --range flag it is possible to specify how many days should be included in the report. To see which ranges are available:
logwatch --range Help
Using a cronjob it is possible to schedule reports on a regular basis. These settings will send a general report each week and a detailed report on a daily basis.
# Send a logwatch report for the mail services (daily detailed report and weekly general report).
0 1 * * * /usr/sbin/logwatch --logfile maillog --range 'yesterday' --detail 10
0 1 * * sun /usr/sbin/logwatch --logfile maillog --range 'between -6 days and -1 days' --detail 1
logwatch will set up its own cronjob in /etc/cron.daily/00logwatch. This job will be executed each day at 6:25 in the morning and the results will be sent to root. If you have set up your own cronjob, you can delete the file so you don’t get multiple reports.
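To check whether a host would send reports from both places, the following added example (not part of the original post) inspects the packaged daily job and a crontab. The function name, its two optional arguments and the status words it prints are assumptions made for this example.

```sh
#!/bin/sh
# Added example: report which cron sources would run logwatch.
#   $1  packaged daily job, default /etc/cron.daily/00logwatch
#   $2  file holding crontab text; when omitted, `crontab -l` is used
# Prints one of: both, packaged-only, custom-only, none
logwatch_report_sources() {
    daily_job=${1:-/etc/cron.daily/00logwatch}
    if [ -n "${2:-}" ]; then
        entries=$(cat "$2")
    else
        entries=$(crontab -l 2>/dev/null || true)
    fi

    # Active crontab lines only: drop comments, then count logwatch calls.
    custom=$(printf '%s\n' "$entries" \
        | grep -v '^[[:space:]]*#' | grep -c 'logwatch' || true)

    # run-parts only executes files that are executable, so a job that
    # exists without its x bit does not produce a report.
    packaged=0
    if [ -f "$daily_job" ] && [ -x "$daily_job" ]; then
        packaged=1
    fi

    if [ "$packaged" -eq 1 ] && [ "$custom" -gt 0 ]; then
        echo both
    elif [ "$packaged" -eq 1 ]; then
        echo packaged-only
    elif [ "$custom" -gt 0 ]; then
        echo custom-only
    else
        echo none
    fi
}
```

Source the file and call logwatch_report_sources with no arguments as the user whose crontab holds the entries; a result of "both" means root receives the packaged report in addition to the custom ones.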
The reports that logwatch sends will also include some error messages. Read more on how to fix these common errors.