Setting up Logwatch

Checking logs is the only way to know what’s happening with your servers, and one way to check them is with Logwatch.

Installing it on Debian is easy:
# apt-get install logwatch

On my virtual Debian host there was no configuration file in the expected place, so I copied it from the /usr/share/logwatch/default.conf folder:
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Things you must change in this file are:

  • Output = mail
  • MailTo = your.mail@example.com
  • Detail = High

The rest is optional and subject to your needs. The logwatch.conf file is well documented.

Create the folder /var/cache/logwatch, which logwatch needs, as specified in logwatch.conf:
# mkdir /var/cache/logwatch

Test the setup by running:
# logwatch

To finish the automation, edit the /etc/cron.daily/00logwatch file and remove the --mailto root option, so that the mails go to the address we specified in the logwatch.conf file.
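
A quick audit of the steps above, as an added example that is not part of the original post: it reads a logwatch.conf and the daily cron script and reports any setting that would keep the report from reaching you. The function names are made up for this example, and TmpDir is assumed to be the logwatch.conf key that names the /var/cache/logwatch folder.

```sh
#!/bin/sh
# Added example (not from the original post): audit the Logwatch setup steps.

# Print the value of KEY in a logwatch.conf-style file. Comment lines are
# skipped, the key is compared case-insensitively, the last assignment wins.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# Usage: check_logwatch_setup CONF CRONFILE; returns the number of problems.
check_logwatch_setup() {
    conf=$1; cron=$2; problems=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    out=$(conf_value "$conf" Output | tr 'A-Z' 'a-z')
    [ "$out" = mail ] ||
        { echo "FAIL: Output is '$out', expected mail"; problems=$((problems + 1)); }

    to=$(conf_value "$conf" MailTo)
    case $to in
        ''|your.mail@example.com)   # empty, or the placeholder left unchanged
            echo "FAIL: MailTo is '$to', set a real mailbox"; problems=$((problems + 1)) ;;
    esac

    detail=$(conf_value "$conf" Detail | tr 'A-Z' 'a-z')
    case $detail in
        high|10) ;;                 # logwatch.conf documents High as level 10
        *) echo "FAIL: Detail is '$detail', expected High"; problems=$((problems + 1)) ;;
    esac

    tmp=$(conf_value "$conf" TmpDir)   # assumed key for the cache folder
    [ -n "$tmp" ] && [ -d "$tmp" ] ||
        { echo "FAIL: TmpDir '$tmp' is missing"; problems=$((problems + 1)); }

    # A --mailto on the cron command line overrides MailTo from logwatch.conf.
    if [ -f "$cron" ] && grep -v '^[[:space:]]*#' "$cron" | grep -q -e '--mailto'; then
        echo "FAIL: $cron still passes --mailto"; problems=$((problems + 1))
    fi
    return "$problems"
}
if [ $# -eq 2 ]; then check_logwatch_setup "$1" "$2"; fi
```

Save it to a file and run it with /etc/logwatch/conf/logwatch.conf and /etc/cron.daily/00logwatch as the two arguments; an exit status of 0 means every check passed.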

2 Responses to “Setting up Logwatch”

  1. Nico de Groot says:

    Last step (log.daily) in Squeeze not needed (anymore), it contains the parameter ‘--output mail’ which is fine.

  2. newbie says:

    Is there a way to have this installed on a Windows host, or perhaps to monitor a Windows host from a Debian host?