

Install and Use Logwatch on Ubuntu 20.04 - Step by Step Guide

Log files help in troubleshooting problems within the system. A log file is a collection of events and activities that have occurred over a specified period of time. Log files contain a lot of detailed and repeated information, so it becomes very difficult for a system administrator to go through all of them, especially if the server is running multiple applications.

Logwatch is a customizable tool that analyzes your log files based on the areas you specify. It then generates a report of what is happening on the server and emails it to the specified address.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers with Linux system monitoring queries.

In this context, we shall look into how to install and use Logwatch on Ubuntu 20.04 LTS.

Previously, we dealt with how to install and use Logwatch on Linux Mint.



How to Install Logwatch on Ubuntu?

Logwatch is available in the default Ubuntu repositories. To install it, run the following command:

$ sudo apt install logwatch

Enter your sudo password, and if you are asked for confirmation during installation, type y and press Enter.

During installation, you may be asked to set up Postfix. Logwatch needs a mail transfer agent such as Postfix in order to email reports. Select the mail server configuration that matches your current setup and click OK.

After the installation of Logwatch is completed, you can confirm it using the command below in the Terminal:

$ logwatch --version


How to use Logwatch?

All Logwatch configurations are handled in the Logwatch default configuration file located at /usr/share/logwatch/default.conf/logwatch.conf. You can edit this file using the command below:

$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf

This command opens the Logwatch configuration file in the Nano editor, where you will find various configuration options. Let's look at some of them:


1. Email

The first option to configure tells Logwatch where to email the reports. In the Logwatch configuration file, search for the following line and replace root with your email address:

MailTo = root

You can also configure the email sender using the MailFrom option. In the Logwatch configuration file, search for the following line and set the sender address you want:

MailFrom = Logwatch


2. Range

You can also set the range for the reports. In the Logwatch configuration file, search for the following line:

Range = yesterday

The default option is yesterday. You can change it to today (today's log) or All (since Logwatch was installed).


3. Report detail

You can also set the desired detail level for your log reports as Low, Medium, and High. The detail level is set to low by default. To change the default value, search for the following line in the configuration file and change it to your desired level:

Detail = Low


4. Services

Using the Logwatch Service option, you can generate reports for all services or only for specific ones. By default, Logwatch generates reports for all services (All). To change the default value, search for the line below in the Logwatch configuration file:

Service = All

To generate reports only for specific services like HTTP, FTP, SSH, remove the above line and list the desired services as follows:

Service = http
Service = ftp
Service = sshd

To run the Logwatch manually at any time, you can use the command below:

$ logwatch

As we have not specified any option in the above command, it will read all the configured options from the Logwatch configuration file.

You can also manually run Logwatch by specifying options like:

$ logwatch --detail medium --mailto email --service ftp --range yesterday

Here, Logwatch will use the options specified in the above command.
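
The four settings above can also be generated rather than edited by hand. The following is an added example, not code from the original article or from the Logwatch project: a shell function that validates MailTo, Range, Detail and Service values (only the values this page lists) and prints the resulting configuration lines. The function name and its argument order are hypothetical.

```shell
# Added example: names and argument order are hypothetical, not part of Logwatch.
# Usage: render_logwatch_conf MAILTO RANGE DETAIL SERVICE [SERVICE...]
# Prints a config on stdout; on bad input prints an error and returns 1.
render_logwatch_conf() {
    if [ "$#" -lt 4 ]; then
        echo "usage: render_logwatch_conf MAILTO RANGE DETAIL SERVICE..." >&2
        return 1
    fi
    local mailto="$1" range="$2" detail="$3" svc
    shift 3

    # MailTo: a local user (root) or one user@host address, nothing else.
    case $mailto in
        ''|*[!A-Za-z0-9@._+-]*|*@*@*|@*|*@)
            echo "bad MailTo: $mailto" >&2; return 1 ;;
    esac
    # Range and Detail: only the values this page lists (first letter any case).
    case $range in
        [Yy]esterday|[Tt]oday|[Aa]ll) ;;
        *) echo "bad Range: $range" >&2; return 1 ;;
    esac
    case $detail in
        [Ll]ow|[Mm]edium|[Hh]igh) ;;
        *) echo "bad Detail: $detail" >&2; return 1 ;;
    esac
    # Service names: reject spaces, '=' and newlines so one argument
    # cannot carry a second directive into the file.
    for svc in "$@"; do
        case $svc in
            ''|*[!A-Za-z0-9_-]*) echo "bad Service: $svc" >&2; return 1 ;;
        esac
    done

    printf 'MailTo = %s\nMailFrom = Logwatch\n' "$mailto"
    printf 'Range = %s\nDetail = %s\n' "$range" "$detail"
    for svc in "$@"; do
        printf 'Service = %s\n' "$svc"   # one line per service
    done
}

# Preview for review; redirect to a file only after reading the output.
render_logwatch_conf root yesterday Low sshd ftp
```

Logwatch also reads /etc/logwatch/conf/logwatch.conf, whose settings override the defaults, so the reviewed output can be saved there instead of editing the file under /usr/share.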


How to Uninstall Logwatch from Ubuntu Linux System?

To uninstall Logwatch, use the command below:

$ sudo apt remove logwatch

Enter your sudo password, and if you are asked for confirmation during removal, type y and press Enter.




Conclusion

This article covers how to install and use Logwatch on Ubuntu Linux System. Logwatch is a system log analyzer that sends its report by email. It generates a summarized log report which contains sshd authentication failures, sudo sessions opened, vsftp failures, postfix, failed logins, disk space and more. To find more information, visit the Logwatch man page.

Logwatch can be installed simply from the Ubuntu repository. First update the system.

$ sudo apt-get update

To install Logwatch, execute the command:

$ sudo apt-get install logwatch