How to Install Logwatch on Ubuntu 20.04

Logwatch is a system log analyzer and send that report to email. It generates a summarized log report which contains sshd - authentication failures, sudo - sessions opened, vsftp failures, postfix, failed logins, disk space and more.

Logwatch can also print the report on the console. This report can be scheduled to run at specific date and time using cron.

In this tutorial we learn how to install Logwatch on Ubuntu 20.04.

Installing Logwatch on Ubuntu

Logwatch can be installed simply from the Ubuntu repository. First update the system.

$ sudo apt-get update

To install Logwatch, type:

$ apt-get install logwatch

Create a temporary directory for logwatch to work:

$ sudo mkdir /var/cache/logwatch

Logwatch Command

Logwatch command display the report on the console.

$ logwatch

You can also use options with Logwatch command to filter the report:

$ logwatch --detail high --range yesterday --service vsftpd --service postfix --service zz-disk_space --format text

Output:

################### Logwatch 7.5.2 (07/22/19) ####################
         Processing Initiated: Sat Jul 10 11:13:03 2021
         Date Range Processed: today
                               ( 2021-Jul-10 )
                               Period is day.
         Detail Level of Output: 10
         Type of Output/Format: stdout / text
         Logfiles for Host: li673-49
  ##################################################################
 --------------------- Postfix Begin ------------------------
  Summary ***
 62.872K  Bytes accepted                              64,381
    62.872K  Bytes delivered                             64,381
  ========   ==================================================
     1   Accepted                                   100.00%
 --------   --------------------------------------------------
         1   Total                                      100.00%
  ========   ==================================================
     1   Removed from queue                               1     1   Delivered                                        1
  Detail (1) 
     1   Delivered -------------------------------------------------------------------------------     1      node49.server.com
 === Delivery Delays Percentiles ============================================================
                      0%       25%       50%       75%       90%       95%       98%      100%
 
 Before qmgr      56.00     56.00     56.00     56.00     56.00     56.00     56.00     56.00
  In qmgr           0.01      0.01      0.01      0.01      0.01      0.01      0.01      0.01
  Conn setup        0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
  Transmission      0.00      0.00      0.00      0.00      0.00      0.00      0.00      0.00
  Total            56.00     56.00     56.00     56.00     56.00     56.00     56.00     56.00
  ============================================================================================
 ---------------------- Postfix End -------------------------
 --------------------- vsftpd-messages Begin ------------------------
 Failed FTP Logins:
      (::ffff:66.249.64.177): anonymous - 2 Time(s)
      (::ffff:66.249.64.179): anonymous - 1 Time(s)
 ---------------------- vsftpd-messages End -------------------------
 --------------------- Disk Space Begin ------------------------
 Filesystem      Size  Used Avail Use% Mounted on
  /dev/sda        157G   16G  134G  11% /
  /dev/loop0       56M   56M     0 100% /snap/core18/2066
  /dev/loop1       56M   56M     0 100% /snap/core18/2074
  /dev/loop2       70M   70M     0 100% /snap/lxd/19188
  /dev/loop3       33M   33M     0 100% /snap/snapd/12159
  /dev/loop4       68M   68M     0 100% /snap/lxd/20326
  /dev/loop5       33M   33M     0 100% /snap/snapd/12398
 ---------------------- Disk Space End -------------------------
 ###################### Logwatch End #########################

Customize Logwatch

Logwatch configuration file is stored in /usr/share/logwatch/default.conf/logwatch.conf. For ease of editing, copy logwatch.conf to /etc/logwatch/conf/.

$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Basic customization are:

   Output = file|mail|stdout
   MailTo = youremailaddress@yourdomain.com
   MailFrom = logwatch@yourdomain.com
   Detail = Low, Med, High, or a number
   Service = All
   Service = service-name
   Range = Yesterday|Today|All
   Format = text|html

Output - Define where to send logwatch report

MailTo - Specify email address to send the report. For multiple recipients, use email addresses separated with a space.

Detail - This define the verbosity for the report.

Service - Specifies one or more services to parse by logwatch. All services are listed under /usr/share/logwatch/scripts/services. To select specific service, comment out Service = All and use Service = service-name.

Range - Define the time duration of the report.

Format - Report can be text or html format.

Schedule Logwatch

Using cron you can schedule logwatch to run at specific time and date.

Open crontab file:

# crontab -e

Add the following cron job to schedule logwatch to run every day at 8 AM:

0 8 * * * /sbin/logwatch

Conclusion

In this tutorial we learned how to install Logwatch on Ubuntu 20.04. For more information check man logwatch.