Analyse logs with LogWatch
Posted on Sunday March 13, 2016 by Eric Potvin
LogWatch is a customizable log analysis tool. It reads through the system's logs and creates a report analyzing the specific parts of the system you want to monitor.
First, let's install LogWatch:
sudo apt-get install logwatch libdate-manip-perl
To view a LogWatch report, or its output, you can use:
sudo logwatch | less
LogWatch accepts parameters. These parameters can help you minimize reports and make them more human-readable.
- --mailto - This parameter will allow you to email a report;
- --output - What type of output you would like;
- --format - The format of the report;
- --range - The date range you want the report to cover.
More parameters are available; please read the LogWatch help for more info.
If you want to modify LogWatch, you need to open the
Here you can change the email, the details and much more. It is recommended to modify the details from 5 or 10. This will give you more detailed logs.
You can email a LogWatch report if you prefer.
sudo logwatch --mailto firstname.lastname@example.org --output mail --format html --range 'between -8 days and -1 day'
You can run the previous command (the email one) in a cron job. This way, you can get a daily report on your system logs.
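The cron setup described above, as an added example that is not part of the original post: a wrapper script that picks the --range to match the schedule, checks the detail level, and writes to syslog when no report could be sent. The `LOGWATCH_BIN` variable, the `daily`/`weekly` mode names, the default detail of 5 and the install path are assumptions of this example; `--detail` is LogWatch's command-line switch for the detail level.

```shell
#!/bin/sh
# Added example, not from the original post: cron wrapper around the e-mail command.
# Assumed names: LOGWATCH_BIN, the daily/weekly modes, the install path below.
MAILTO="firstname.lastname@example.org"      # placeholder address used in the post
LOGWATCH_BIN="${LOGWATCH_BIN:-logwatch}"

# Map the cron schedule to a --range expression.
logwatch_range() {
    case "$1" in
        daily)  printf '%s' 'yesterday' ;;
        weekly) printf '%s' 'between -8 days and -1 day' ;;   # range used in the post
        *)      return 1 ;;
    esac
}

# send_report MODE [DETAIL]: mail one HTML report. DETAIL must be a number
# (the post suggests 5 or 10); this wrapper defaults to 5.
send_report() {
    mode="$1"; detail="${2:-5}"
    range=$(logwatch_range "$mode") || { echo "unknown mode: $mode" >&2; return 2; }
    case "$detail" in
        ''|*[!0-9]*) echo "detail must be a number: $detail" >&2; return 2 ;;
    esac
    if ! "$LOGWATCH_BIN" --mailto "$MAILTO" --output mail --format html \
            --range "$range" --detail "$detail"; then
        # A report that never arrives should leave a trace in syslog.
        logger -t logwatch-report -p user.err "logwatch $mode report failed" || true
        return 1
    fi
}

# Line for a file in /etc/cron.d (assumed install path), Mondays at 06:00 as root:
#   0 6 * * 1  root  /usr/local/sbin/logwatch-report weekly 10
[ "$#" -eq 0 ] || send_report "$@"
```

Because LogWatch reads system logs, the cron entry runs as root, so keep the script writable by root only.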