Friday, October 8, 2010

Monitor System Logs with Logwatch on Cent OS /RedHat /Fedora /Ubuntu

Logwatch is a utility used to monitor system logs and create reports. These reports include failed login attempts, successful login attempts, and storage space used/available.

For Fedora/CentOS/RedHat
#yum install logwatch
For Ubuntu
$sudo apt-get install logwatch

Configure Logwatch 

Once you have installed Logwatch, you will need to configure it to email you the reports it generates. You are encouraged to look through the entire configuration, but you may safely use Logwatch after editing the lines below.
File: /usr/share/logwatch/default.conf/logwatch.conf
Output = mail
Format = html
MailTo =
MailFrom =
These directives tell Logwatch to email you reports in an HTML format. The MailTo and MailFrom directives should be valid email addresses.
Issue the following command to test your logwatch installation:
Once you have issued this command, you will need to check your email to make sure that logwatch is working. Be sure to check your spam folder as these emails may be seen as spam.

Adding a Cron Job for Logwatch

You can add a cron job for Logwatch in order to receive daily emails of new reports. You can add a new entry to your crontab by running crontab -e. The following example cron job runs Logwatch at 1 AM each day, issuing you an email report of the daily activity:
# m h dom mon dow   command
0 1  * * *          /usr/sbin/logwatch
Congratulations! You can now monitor system logs with Logwatch!
Post a Comment