Dev Notes

Various Cheat Sheets and Resources by David Egan/Carawebs.

Setup Logwatch

Linux, Server, Sysadmin
David Egan

This article refers to Logwatch on Ubuntu 14.04 LTS.

Logwatch needs a mail transfer agent. Typically we use Exim4 in send-only mode.

To install Logwatch, run sudo apt-get update then install Logwatch with:

sudo apt-get install logwatch

Move config files - don’t edit the originals:

sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

The /etc/logwatch/conf directory is first searched for files with the same name and relative location as the /usr/share/logwatch/default.conf directory. Variables declared in these files override the defaults.


If using Apache server:

sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/

Then add *combined.log files to the list

Configure Logwatch

Edit config:

sudo nano /etc/logwatch/conf/logwatch.conf

Set email address, logs to be checked/ignored etc.


This may need to be manualy created, if Logwatch throws an error:

sudo mkdir /var/cache/logwatch

…then run logwatch as sudo.

Set up a Custom Cronjob for Logwatch

Amend /etc/cron.daily/00logwatch to include the admin email:


#Check if removed-but-not-purged
test -x /usr/share/logwatch/scripts/ || exit 0

#/usr/sbin/logwatch --output mail
/usr/sbin/logwatch --mailto

#Note: It's possible to force the recipient in above command
#Just pass --mailto instead of --output mail

The run time is tied in to the time of the daily cron job. To change, remove /etc/cron.daily/00logwatch and add a new cronjob. Not tested:

# Run every day, @ midnight
sudo crontab -e

0 0 * * * /usr/sbin/logwatch


comments powered by Disqus