How to Install and Use Logwatch on Ubuntu 20.04

Log files help in troubleshooting problems. A log file is a collection of events and activities that have occurred over a specified period of time. Log files contain a great deal of detailed and repeated information, so it becomes very difficult for a system administrator to go through all the logs, especially if the server is running multiple applications.

Logwatch is a customizable tool that analyzes your log files based on areas you specify. It then generates a report of what is happening on the server and emails it to the specified address. In an earlier post, we described how to install and use Logwatch on Mint.

In today’s post, we’ll explain how to install and use Logwatch on Ubuntu OS.

Note: The commands and procedure mentioned here have been tested on Ubuntu 20.04 LTS.

Installing Logwatch

It is very simple to install Logwatch on Ubuntu OS as it is part of the official Ubuntu repositories. Execute this command in the Terminal to install Logwatch:

$ sudo apt install logwatch

Enter your sudo password, and if you are asked for confirmation during installation, type y and press Enter.

During installation, you may be asked to set up Postfix. Logwatch requires this step for sending you emails if needed. Select the mail server configuration depending upon your current setup and click OK.

After the installation of Logwatch is completed, you can confirm it using the command below in the Terminal:

$ logwatch --version

The output verifies that Logwatch version 7.5.2 has been installed.

Using Logwatch

All Logwatch configurations are handled in the Logwatch default configuration file located at /usr/share/logwatch/default.conf/logwatch.conf. You can edit this file using the command below:

$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf

This command will open the Logwatch configuration file in the Nano editor. Here you will find various configuration options. Let’s look at some of these options:

1. Email

The first option you need to configure tells Logwatch where to email the reports. In the Logwatch configuration file, search for the following line and enter your email address:

MailTo = root

You can also configure the email sender using the MailFrom option. In the Logwatch configuration file, search for the following line and enter your email address:

MailFrom = Logwatch

2. Range

You can also set the range for the reports. In the Logwatch configuration file, search for the following line:

Range = yesterday

The default option is yesterday. You can change it to today (today’s log) or All (since Logwatch was installed).

3. Report detail

You can also set the desired detail level for your log reports to Low, Medium, or High. The detail level is set to Low by default. To change the default value, search for the following line in the configuration file and change it to your desired level:

Detail = Low

4. Services

Using the Logwatch Service option, you can generate reports for all services or only for specific ones. By default, Logwatch generates reports for all services (All). To change the default value, search for the line below in the Logwatch configuration file:

Service = All

To generate reports only for specific services like HTTP, FTP, SSH, remove the above line and list the desired services as follows:

Service = http
Service = ftp
Service = sshd
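
After editing, it helps to confirm what the file actually says. The script below is an added example, not part of the original post or of Logwatch itself: it reads a configuration file, reports the effective values of the options covered above, and flags a MailTo that is still root or a Service list that misses a service you expect. The function names and the sample file are constructed for illustration, and the parsing rules are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (not from Logwatch): report the effective values of the
# options covered above. Assumptions: names match case-insensitively, a
# later assignment replaces an earlier one, and Service lines accumulate.

# logwatch_setting FILE KEY: print the effective value of KEY.
logwatch_setting() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }              # strip comments
        !/=/ { next }                   # keep only assignments
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) != want) next
            if (want == "service") out = (out == "" ? val : out " " val)
            else out = val
        }
        END { if (out != "") print out }
    ' "$1"
}

# logwatch_covers FILE SERVICE: succeed if SERVICE is reported, either
# by name or through "Service = All".
logwatch_covers() {
    for s in $(logwatch_setting "$1" Service | tr 'A-Z' 'a-z'); do
        [ "$s" = all ] || [ "$s" = "$2" ] && return 0
    done
    return 1
}

# logwatch_review FILE SERVICE: print findings, return how many there are.
logwatch_review() {
    n=0
    [ "$(logwatch_setting "$1" MailTo)" = root ] &&
        { echo "MailTo is still the default (root)"; n=$((n + 1)); }
    logwatch_covers "$1" "$2" ||
        { echo "Service list does not include $2"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample configuration, written to a temporary file.
sample=$(mktemp)
printf '%s\n' 'MailTo = root' 'Range = yesterday' 'Detail= Low' \
    '# Service = All' 'Service = http' 'Service = ftp' > "$sample"
logwatch_review "$sample" sshd || echo "findings: $?"
```

Point it at the file edited above; a local override in /etc/logwatch/conf/logwatch.conf, where present, can be checked the same way.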

To run the Logwatch manually at any time, you can use the command below:

$ logwatch

As we have not specified any option in the above command, it will read all the configured options from the Logwatch configuration file.

This is what the generated report will look like:

You can also manually run Logwatch by specifying options like:

$ logwatch --detail medium --mailto email --service ftp --range yesterday

In this case, Logwatch will use the options specified in the above command.

Uninstall Logwatch

To uninstall Logwatch, use the command below:

$ sudo apt remove logwatch

Enter your sudo password, and if you are asked for confirmation during removal, type y and press Enter.

In this post, we described how to install and use Logwatch on Ubuntu OS. We have also explained some of the configuration options. To find more information, visit the Logwatch man page.
