This article briefly explains how to install and configure logwatch on your CentOS/RHEL/Fedora server in order to keep an eye on it.

Requirements

  • working MTA (mail transport agent) like postfix, exim, sendmail, etc.
  • root access (or sudo privileges) on the server

Installation

Install the logwatch package as usual

# yum install logwatch -y

Copy the default configuration file

# cp -v /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf

Then edit it with your preferred editor to suit your needs (see the example below)

LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = user@yourdomain.com
MailFrom = Logwatch
Print = No
Range = between -7 days and -1 days
Detail = Med
Output = html
Service = All
Service = "-zz-network"     # Prevents execution of zz-network service, which
                            # prints useful network configuration info.
Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                            # prints useful system configuration info.
Service = "-eximstats"      # Prevents execution of eximstats service, which
                            # is a wrapper for the eximstats program.
Service = "-iptables"       # Prevent iptables service
Service = "-kernel"         # Prevent kernel service
mailer = "sendmail -t"

If you want to specify a more complex Range option, you need to install the Perl module

Date::Manip

Install the package perl-DateManip.noarch (on CentOS 5)

# yum install perl-DateManip -y

Customise services

All available services are located under

/usr/share/logwatch/scripts/services

By default, all services are enabled (see below)

# grep 'Service' /etc/logwatch/conf/logwatch.conf
...
Service = All
...

Disable all services and enable one by one

For example, modify the configuration file (logwatch.conf)

Comment out the line

# Service = All

Then add the scripts you want to enable (see example below)

Service = "iptables"
Service = "fail2ban"
Service = "yum"
Service = "http"
Service = "sshd"
Service = "postfix"
Service = "kernel"
Service = "sudo"
Service = "zz-sys"
Service = "zz-disk_space"

Define services exclusions

Service = All
Service = "-kernel"
Service = "-iptables"
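
The following script is an added example, not part of logwatch or of the original article: it resolves the Service lines of a logwatch.conf into the list of services that would run, and reports names that have no matching script, such as a mistyped exclusion. It assumes that All expands to every script in the services directory and that names are compared in lower case; the function names and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not logwatch code. Assumptions: "All" expands to every
# script in the services directory; names are compared in lower case.

# Print each Service value from config $1: comments, quotes, padding removed.
service_directives() {
    sed -n 's/^[[:space:]]*[Ss]ervice[[:space:]]*=[[:space:]]*//p' "$1" |
        sed -e 's/#.*$//' -e 's/"//g' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]'
}

# Print the services config $1 would run, given services directory $2.
effective_services() {
    available=$(ls "$2" | tr '[:upper:]' '[:lower:]')
    selected="" excluded=""
    for value in $(service_directives "$1"); do
        case $value in
            all) selected="$selected $available" ;;
            -*)  excluded="$excluded ${value#-}" ;;
            *)   selected="$selected $value" ;;
        esac
    done
    for name in $selected; do
        case " $excluded " in *" $name "*) continue ;; esac
        echo "$name"
    done | sort -u
}

# Print names used in config $1 that have no script in directory $2.
unknown_services() {
    for value in $(service_directives "$1"); do
        name=${value#-}
        [ "$name" = all ] || [ -e "$2/$name" ] || echo "$name"
    done | sort -u
}

# Constructed sample: five empty service scripts and a config with a typo.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/services"
    for s in iptables kernel sshd sudo zz-disk_space; do : > "$tmp/services/$s"; done
    printf '%s\n' '# Service = "postfix"' 'Service = All' \
        'Service = "-kernel"   # Prevent kernel service' \
        'Service = "-iptable"  # constructed typo' > "$tmp/logwatch.conf"
    echo "will run:"; effective_services "$tmp/logwatch.conf" "$tmp/services"
    echo "unknown:";  unknown_services "$tmp/logwatch.conf" "$tmp/services"
    rm -rf "$tmp"
}
demo
```

On a real server the two arguments would be /etc/logwatch/conf/logwatch.conf and /usr/share/logwatch/scripts/services.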

Test your configuration

To test your configuration, run the logwatch command

# logwatch

Set up the crontab

By default on CentOS 6, the logwatch package creates a symlink in the /etc/cron.weekly directory (see below)

0anacron
0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
makewhatis.cron

If you want to get an email on a daily basis or set it up in root user’s crontab, help yourself 😉

That’s it !!!

Resources

logwatch on Sourceforge