This article refers to Logwatch on Ubuntu 14.04 LTS.

Logwatch needs a mail transfer agent. Typically we use Exim4 in send-only mode.

To install Logwatch, run sudo apt-get update then install Logwatch with:

sudo apt-get install logwatch

Move config files - don’t edit the originals:

sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

The /etc/logwatch/conf directory is first searched for files with the same name and relative location as the /usr/share/logwatch/default.conf directory. Variables declared in these files override the defaults.

From: http://www.stellarcore.net/logwatch/tabs/docs/HOWTO-Customize-LogWatch.html

If using Apache server:

sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/

Then add *combined.log files to the list

Configure Logwatch

Edit config:

sudo nano /etc/logwatch/conf/logwatch.conf

Set email address, logs to be checked/ignored etc.

Cache

This may need to be manualy created, if Logwatch throws an error:

sudo mkdir /var/cache/logwatch

…then run logwatch as sudo.

Set up a Custom Cronjob for Logwatch

Amend /etc/cron.daily/00logwatch to include the admin email:

#!/bin/bash

#Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0

#execute
#/usr/sbin/logwatch --output mail
/usr/sbin/logwatch --mailto info@yourdomain.com

#Note: It's possible to force the recipient in above command
#Just pass --mailto address@a.com instead of --output mail

The run time is tied in to the time of the daily cron job. To change, remove /etc/cron.daily/00logwatch and add a new cronjob. Not tested:

# Run every day, @ midnight
sudo crontab -e

0 0 * * * /usr/sbin/logwatch

Resources

• https://help.ubuntu.com/community/Logwatch
• http://www.unixmen.com/installing-configuring-logwatch-ubuntu-14-04/
• https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps
• Definitive Guide on Customising Logwatch
• Even More Definitive, though focused on Gentoo