Analyse logs with LogWatch

Posted on Sunday March 13, 2016 by Eric Potvin

LogWatch is a customizable log analysis tool. It reads through the system's logs and creates a report analyzing the specific parts of the system you want to monitor.

Install LogWatch

First, let's install LogWatch:

sudo apt-get install logwatch libdate-manip-perl

View report

To view a LogWatch report, you can pipe its output to tail or less:

sudo logwatch | less

Customize report

LogWatch accepts parameters. These parameters can help you minimize reports and make them more human-readable.

More parameters are available; please read the LogWatch help for more information.

Modify LogWatch

If you want to modify LogWatch, you need to open the logwatch.conf file.

vi /etc/log.d/conf/logwatch.conf

Here you can change the email address, the detail level and many other settings. It is recommended to raise the detail level from low to 5 or 10. This will give you more detailed logs.

Email report

You can email a LogWatch report if you prefer. Replace you@example.com, a placeholder, with your own address:

sudo logwatch --mailto you@example.com --output mail --format html --range 'between -8 days and -1 day'


You can run the previous command (the email one) in a cron job. This way, you can get a daily report on your system logs.
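
The cron job described above, as an added example that is not part of the original post: a wrapper script that picks a --range matching the schedule, so consecutive reports neither overlap nor leave gaps, and refuses a recipient that logwatch could parse as an option. The script path, the schedule names, the LOGWATCH override and you@example.com are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for the e-mailed LogWatch report.
# Assumed names (not from the original post): logwatch-mail.sh, the
# "daily"/"weekly" schedule labels, the LOGWATCH variable, you@example.com.

# Map a schedule to a logwatch --range expression covering exactly the
# period since the previous run.
range_for() {
    case "$1" in
        daily)  echo "yesterday" ;;
        weekly) echo "between -7 days and -1 day" ;;
        *)      return 1 ;;
    esac
}

# Accept only a plain address: non-empty, not starting with "-", no
# whitespace or shell metacharacters, and containing an "@".
valid_recipient() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Build and run the same command the post uses, with a checked recipient
# and a schedule-matched range. Set LOGWATCH=echo for a dry run.
send_report() {
    schedule=$1
    recipient=$2
    range=$(range_for "$schedule") || { echo "unknown schedule: $schedule" >&2; return 2; }
    valid_recipient "$recipient" || { echo "bad recipient: $recipient" >&2; return 2; }
    ${LOGWATCH:-logwatch} --mailto "$recipient" --output mail --format html --range "$range"
}

# Constructed /etc/cron.d entry (runs as root at 06:30 every day):
#   30 6 * * * root /usr/local/sbin/logwatch-mail.sh daily you@example.com
if [ $# -eq 2 ]; then
    send_report "$1" "$2"
fi
```

Running it by hand with LOGWATCH=echo prints the logwatch arguments instead of sending mail, which is a quick way to check the cron entry before enabling it.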