by Scott Kilroy

Linux log review with logwatch

You know how important it is to do a daily log review. But you also know how much of a drag it is, and that you’d rather take a severe beating. Fortunately, there are various utilities that can make the job easier. Of the various choices in the normal Linux distro repositories, Logwatch is a perfect tool that we can use for this task.

To deliver its messages, Logwatch requires that the machine also has a running mail server daemon. Depending on the options you chose when installing the operating system, you might or might not already have the Postfix mail server installed. When Postfix is set up as a local server, it will deliver system messages to the root user’s local account.

To view the Logwatch summaries on the local machine, you’ll also need to install a text-mode mail reader, such as mutt.

1. Install Logwatch, mutt and Postfix with the following command:

# apt install postfix mutt logwatch

2. Create a mail spool file for your user account:

# touch /var/mail/your_user_name

3. Forward the root user’s mail to your own normal account

Open the /etc/aliases file in your favorite text editor. Configure it to forward the root user’s mail to your own normal account by adding the following line at the bottom of the file:

root: your_user_name

4. Save the file, and then copy the information from it to a binary file that the system can read. Do that with this:

# newaliases

At this point, you have a fully operational implementation of Logwatch that will deliver daily log summaries with a low level of detail.

5. To see the default configuration, look at the default configuration file:

# less /usr/share/logwatch/default.conf/logwatch.conf

6. To change the configuration, edit the /etc/logwatch/conf/logwatch.conf file. Change to a medium level of logging detail by adding this line:

Detail = Med

7. Perform some actions that will generate some log entries, and then view your log summary by using this command:

# mutt
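A quick way to confirm that steps 2 through 6 took effect, as an added example that is not part of the original post. The function names, the sample user alice and the temporary files are constructed for illustration, and matching key names case-insensitively is an assumption of this sketch.

```shell
#!/bin/sh
# Print every target of the "root:" alias in an aliases file, one per line.
root_alias_targets() {
    sed -n 's/^[[:space:]]*root[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Print the effective value of a logwatch.conf key. Files are read in the
# order given and the last assignment wins. Assumptions of this sketch:
# key names compare case-insensitively and comment lines start with '#'.
logwatch_setting() {
    key=$1; shift
    for f in "$@"; do [ -r "$f" ] && cat "$f"; done |
    awk -v k="$key" '
        /^[ \t]*#/ || !/=/ { next }
        {
            name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name)
            if (tolower(name) != tolower(k)) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { if (val != "") print val }'
}

# Succeed only if root's mail has exactly one alias target and that user
# has a mail spool; print the Detail level that the two files resolve to.
check_logwatch_setup() {
    aliases=$1; spool_dir=$2; default_conf=$3; local_conf=$4
    targets=$(root_alias_targets "$aliases" 2>/dev/null) || targets=""
    count=$(printf '%s\n' "$targets" | grep -c . || true)
    [ "$count" -eq 1 ] || { echo "FAIL: expected one root alias, found $count"; return 1; }
    [ -f "$spool_dir/$targets" ] || { echo "FAIL: no mail spool $spool_dir/$targets"; return 1; }
    detail=$(logwatch_setting Detail "$default_conf" "$local_conf")
    echo "OK: root -> $targets, Detail = ${detail:-unset}"
}

# Constructed sample files standing in for the real paths used on this page.
demo() {
    d=$(mktemp -d)
    printf 'postmaster: root\nroot: alice\n' > "$d/aliases"
    mkdir "$d/mail" && : > "$d/mail/alice"
    printf '# defaults\nDetail = Low\n' > "$d/default.conf"
    printf 'Detail = Med\n' > "$d/local.conf"
    check_logwatch_setup "$d/aliases" "$d/mail" "$d/default.conf" "$d/local.conf"
    rm -rf "$d"
}
demo
```

On a real host, call check_logwatch_setup with /etc/aliases, /var/mail and the two logwatch.conf paths from steps 5 and 6.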

 

The post Linux log review with logwatch appeared first on The Linux Juggernaut.
