logwatch – easy summary of logs

Introduction
Beside monitoring my server with Munin, see Server monitoring with Munin. I was still watching the logfiles on my server every now and then. However there are many logfiles and as a human I am prone to be overwhelmed by the shear noise. The solution was to install logwatch. Now I receive an mail every day in nicely formated html informing about uncommon lines in my logs.

logwatch
Extract from a logwatch report

Installation and setup
Installation under Ubuntu Linux is as usual trivial

root@nobel:~# aptitude install logwatch

However where I would have assumed that the configuration files were located in /etc/logwatch/ this was not the case. To change which user to log analysis mail should be send to I edited the file

/usr/share/logwatch/default.conf/logwatch.conf

such that the Mailto line read my user id:

#MailTo = root
Mailto = tjansson

To add to the somewhat annoying configuration I wanted HTML mails and not unformatted clear text. This has to be changed in controlling perl script it self. Again this should be in a config file in /etc/logwatch/ in my opinion. In any case I changed one line in

/usr/share/logwatch/scripts/logwatch.pl

such that the mails would be html formated:

#$Config{'output'} = "unformatted";
$Config{'output'} = "html";

logwatch is now being running automatically by the /etc/cron.daily/00logwatch script once every day.

To have the mails delivered to external mail the server should be setup for this. This I will not cover but I for a simple and easy setup see http://newbiedoc.sourceforge.net/networking/exim.html.

Leave a Reply