Friday, October 8, 2010

Monitor System Logs with Logwatch on Cent OS /RedHat /Fedora /Ubuntu

Logwatch is a utility used to monitor system logs and create reports. These reports include failed login attempts, successful login attempts, and storage space used/available.

For Fedora/CentOS/RedHat
#yum install logwatch
For Ubuntu
$sudo apt-get install logwatch


Configure Logwatch 

Once you have installed Logwatch, you will need to configure it to email you the reports it generates. You are encouraged to look through the entire configuration, but you may safely use Logwatch after editing the lines below.
File: /usr/share/logwatch/default.conf/logwatch.conf
Output = mail
Format = html
MailTo = rajat@yeswedeal.com
MailFrom = logwatch@yeswedeal.com
These directives tell Logwatch to email you reports in an HTML format. The MailTo and MailFrom directives should be valid email addresses.
Issue the following command to test your logwatch installation:
logwatch
Once you have issued this command, you will need to check your email to make sure that logwatch is working. Be sure to check your spam folder as these emails may be seen as spam.

Adding a Cron Job for Logwatch

You can add a cron job for Logwatch in order to receive daily emails of new reports. You can add a new entry to your crontab by running crontab -e. The following example cron job runs Logwatch at 1 AM each day, issuing you an email report of the daily activity:
# m h dom mon dow   command
0 1  * * *          /usr/sbin/logwatch
Congratulations! You can now monitor system logs with Logwatch!
Posted by at

1 comment:

Unknown said...

Hey Rajat ,

Is it possible to add custom files to be monitored and logged by this tool along with having migrated over to another remote server as we have faced with some hackers gaining access and then flushing the logs by which all information of their presence on server is lost.

October 8, 2010 at 11:35 PM

Post a Comment

Subscribe to: Post Comments (Atom)