Analyse logs with LogWatch

Posted on Sunday March 13, 2016 by Eric Potvin

Logwatch is a customizable log analysis tool. It reads through the system's logs and creates a report analyzing the specific parts of the system you want to monitor.

Install LogWatch

First, let's install LogWatch:

sudo apt-get install logwatch libdate-manip-perl

View report

To view a LogWatch report, or its output, you can use tail or less:

sudo logwatch | less

Customize report

LogWatch accepts parameters. They help you keep reports short and make them more human-readable.

  • --mailto - This parameter will allow you to email a report;
  • --output - What type of output you would like;
  • --format - The format of the report;
  • --range - The date range you want the report to cover.

More parameters are available; see the LogWatch help for more information.

Modify LogWatch

If you want to modify LogWatch, you need to open the logwatch.conf file.

vi /etc/log.d/conf/logwatch.conf

Here you can change the email address, the detail level and much more. It is recommended to raise the detail level from low to 5 or 10, which gives you more detailed logs.

Email report

You can email a LogWatch report if you prefer.

sudo logwatch --mailto myemail@domain.com --output mail --format html --range 'between -8 days and -1 day'

Cronjob

You can run the previous command (the email one) in a cronjob. This way, you can get a daily report on your system logs.
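
As an added example (not part of the original post), here is a small wrapper that cron can call to send the emailed report. The script path /usr/local/sbin/logwatch-report.sh, the function names and the daily/weekly split are assumptions made for illustration; the recipient is the placeholder address used above.

```shell
#!/bin/sh
# Added example: cron wrapper around the emailed logwatch report.
# Hypothetical names: report_range, send_report, and the script path
# /usr/local/sbin/logwatch-report.sh used in the crontab lines below.

# Recipient; the default is the placeholder address from the command above.
MAILTO_ADDR="${MAILTO_ADDR:-myemail@domain.com}"

# Map a schedule name to a --range value so consecutive reports do not
# overlap: a daily job covers yesterday only, a weekly job uses the
# range from the command above (8 days ago through yesterday).
report_range() {
    case "$1" in
        daily)  echo "yesterday" ;;
        weekly) echo "between -8 days and -1 day" ;;
        *)      return 1 ;;
    esac
}

# Build and run the report; fail loudly so cron mails the error to the job owner.
send_report() {
    range=$(report_range "$1") || {
        echo "usage: $0 daily|weekly" >&2
        return 2
    }
    command -v logwatch >/dev/null 2>&1 || {
        echo "logwatch is not installed or not in PATH" >&2
        return 3
    }
    logwatch --mailto "$MAILTO_ADDR" --output mail --format html --range "$range"
}

# Crontab entries (root's crontab, matching the use of sudo above):
#   30 6 * * *  /usr/local/sbin/logwatch-report.sh daily
#   45 6 * * 1  /usr/local/sbin/logwatch-report.sh weekly
if [ $# -gt 0 ]; then
    send_report "$1"
fi
```

The weekly range expression relies on the libdate-manip-perl package installed in the first step.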