Configure Logwatch Log Monitoring Tool on Debian 5.x (Stable)

By | 2009/12/25

Despite the fact that I am a Red Hat Certified Engineer, and manage Red Hat and CentOS for a living, I prefer running Debian 5.x (Stable) on my personal servers. The one thing that I end up needing to add to my Debian servers, however, is Logwatch (which is default on Red Hat). This post will outline how to install, configure and verify Logwatch on your Debian 5.x (Stable) server.

From the Logwatch home page:

Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems.

Installing Logwatch

To install the Logwatch Log Monitoring tool, you’ll need to install the required package. This package should be available in the main repository and simply requires Perl and a Mail Transport Agent. Perl is something you’ll likely already have, and Exim should be installed by default (although I prefer Postfix).

Use the following command to install Logwatch:

sudo aptitude install logwatch

Configure Logwatch

Logwatch runs via cron each day and, assuming you want to receive its reports, you’ll likely want to configure it to send them via email. You’ll need to update the configuration to output to mail as well as define the address you’d like it to send to. This is done in the following file:

/usr/share/logwatch/default.conf/logwatch.conf

The two changes you’ll want to make are as follows:

  1. You should find, around line 35, a setting for Output. You’ll want to change this to mail.
  2. Find, around line 44, the setting for MailTo. You’ll want to change this to the email address you’d like the reports sent to.

You can verify the functionality by simply running the logwatch command and checking the email account you configured.
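The two edits above and a check of the result can be scripted. The following is an added example, not part of the original post or of Logwatch itself; the function names are hypothetical, the sample file is constructed, and admin@example.com is a placeholder address.

```sh
#!/bin/sh
# Added example: apply and verify the Output and MailTo settings in a
# Logwatch-style "Key = value" file. Function names are hypothetical.

# set_option FILE KEY VALUE
# Rewrites the active "KEY = ..." line; appends one if no active line exists.
# Commented-out lines (starting with #) are left untouched.
set_option() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        $0 ~ "^[ \t]*" k "[ \t]*=" { print k " = " v; found = 1; next }
        { print }
        END { if (!found) print k " = " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_option FILE KEY
# Prints the value of the last active KEY line, or nothing if there is none.
get_option() {
    awk -v k="$2" '
        $0 ~ "^[ \t]*" k "[ \t]*=" {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }
    ' "$1"
}

# check_mail_config FILE
# Succeeds only when reports are mailed and a recipient is set.
check_mail_config() {
    [ "$(get_option "$1" Output)" = "mail" ] && [ -n "$(get_option "$1" MailTo)" ]
}

# Constructed sample standing in for logwatch.conf (not the packaged file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Output = mail
Output = stdout
MailTo = root
EOF
set_option "$sample" Output mail
set_option "$sample" MailTo admin@example.com   # placeholder address
check_mail_config "$sample" &&
    echo "Output=$(get_option "$sample" Output) MailTo=$(get_option "$sample" MailTo)"
rm -f "$sample"
```

On a server, call the functions with the configuration file path named above instead of the sample file, and run them with sudo since the file is owned by root.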

Troubleshooting

If you find that you don’t receive an email as expected, it is likely an issue with your Mail Transport Agent (Exim, Postfix, Sendmail, etc.). Take a look at /var/log/mail.log and see if that gives you any hints.

I have run into machines where Exim, the default Mail Transport Agent, was not configured properly to be able to send email outside of the machine. You can try to reconfigure Exim by reconfiguring the package installation:

sudo dpkg-reconfigure exim4

You can also try installing something you might be more familiar with, perhaps Postfix or Sendmail. If you install Postfix, select the “Local Only” option during installation and it should work as expected.

One thought on “Configure Logwatch Log Monitoring Tool on Debian 5.x (Stable)”

  1. Enrique Garcia

    Hi, really nice and simple solution, I was completely lost regarding this, I was always missing the “output” line in the configuration file.

    Thanks
