Content:: Logwatch

Logwatch setup and configuration
Last Modified: 2013-02-12
Logwatch is a great tool to help you watch your logs. It will parse your logs and get the important information in a short and easy to skim report. The report is also emailed to a specified email address.

Table of Contents
Installing Logwatch
# apt-get install logwatch
Configuring Logwatch
Track down the example configurations # find / -name logwatch.conf
Copy configuration files to where we need them. # cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Running as the default configurations will give you just about everything you need. You may however want to change the default mail location.

Make another copy so we have an easy to find reference. # cp /etc/logwatch/conf/logwatch.conf /etc/logwatch/conf/logwatch.orig.conf
# nano /etc/logwatch/conf/logwatch.conf
MailTo =

Verify the cache folder defined in the configuration "TmpDir" exists. By default Debian sets it to "/var/cache/logwatch" # ls /var/cache/logwatch/ If it does not exist make it. # mkdir /var/cache/logwatch/
Troubleshooting Logwatch
Running the cron.daily script manually results in an error regarding the /var/cache/logwatch directory.
/var/cache/logwatch No such file or directory at /usr/sbin/logwatch line 632.
# mkdir /var/cache/logwatch/

/var/log/mail logs will be empty until you install sendmail-bin. # apt-get install sendmail-bin