Added on Jul 3rd, 2012 and marked as install log server

Logwatch parses through the system’s logs and creates a detailed report.

To install logwatch:

apt-get install logwatch

To see a default report of all the configured logfiles, just execute:

logwatch

In order to specify a more detailed report for a specific group of logfiles:

logwatch --logfile maillog --detail 10

The --logfile flag does not point to a specific logfile (as you might assume from the name), but to a group of files. The groups are defined in /usr/share/logwatch/default.conf/logfiles/.
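To check which group names --logfile accepts and which log files each group covers before running a report, the group directory can be summarised with a short script. This is an added example, not part of the original post; it assumes the group files are named <group>.conf and list their files as "LogFile = <pattern>" lines, and the function name list_logwatch_groups is made up for this example.

```shell
#!/bin/sh
# Added example: print every logwatch logfile group and the LogFile
# patterns it covers. The default directory is the one named in this post.
LOGWATCH_GROUP_DIR=/usr/share/logwatch/default.conf/logfiles

# list_logwatch_groups [dir]  (hypothetical helper name)
# Output: one line per group, "<group>: <pattern>,<pattern>,..."
list_logwatch_groups() {
    dir="${1:-$LOGWATCH_GROUP_DIR}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # The group name passed to --logfile is the file name without .conf
        group=$(basename "$conf" .conf)
        # Keep only "LogFile = <pattern>" lines; skip comments and other
        # keys such as Archive or the *filter lines. The key is matched
        # case-insensitively to tolerate differently cased files.
        patterns=$(awk -F= '
            /^[ \t]*#/ { next }
            tolower($1) ~ /^[ \t]*logfile[ \t]*$/ {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (v != "") { printf "%s%s", sep, v; sep = "," }
            }' "$conf")
        printf '%s: %s\n' "$group" "${patterns:-(none)}"
    done
}

# Run against the installed groups when logwatch is present on this host.
[ ! -d "$LOGWATCH_GROUP_DIR" ] || list_logwatch_groups "$LOGWATCH_GROUP_DIR"
```

A group that appears in the output with "(none)" defines no LogFile patterns in this directory, so a report for it would have nothing to read from these definitions.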

With the --detail flag you can change the amount of information included in the report. Common settings are 0 (default), 5 and 10.

For example, with the maillog report a detail level of 10 will show all information, but a level of 5 will not show the list of all blocked spam messages. Level 5 does show the list of successful logins, which level 0 doesn’t.

By default logwatch will generate a report for yesterday, but with the --range flag it is possible to specify how many days should be included in the report. To see which ranges are available:

logwatch --range Help

Scheduled reports

Using a cronjob it is possible to schedule reports on a regular basis. These settings will send a general report each week and a detailed report on a daily basis.

# Send a logwatch report for the mail services (daily detailed report and weekly general report).
0      1       *       *       *       /usr/sbin/logwatch --logfile maillog --range 'yesterday' --detail 10
0      1       *       *       sun     /usr/sbin/logwatch --logfile maillog --range 'between -6 days and -1 days' --detail 1

logwatch will set up its own cronjob in /etc/cron.daily/00logwatch. This job will be executed each day at 6:25 in the morning and the results will be sent to root. If you have set up your own cronjob, you can delete the file so you don’t get multiple reports.

Errors

The reports that logwatch sends will also include some error messages. Read more on how to fix these common errors.