Logwatch is a log analysis tool for Unix-like systems. It summarizes logs from various services such as Apache, PAM, SSH, and others into a single report. The report gives an overview of the system's activity, including security-related events such as failed logins, for the selected time period (for example, daily or weekly). Logwatch uses a flexible rule system to decide which log entries are interesting and important, then formats them into a readable report. The report is usually sent by email, but it can also be written to a file or to standard output. Logwatch helps system administrators monitor their systems by giving them a concise, automated summary of log data.
If you see the following error when running the logwatch command:
logwatch: command not found
install the package for your distribution:
| Distribution | Install command |
|---|---|
| Debian | apt-get install logwatch |
| Ubuntu | apt-get install logwatch |
| Arch Linux | pacman -S logwatch |
| Kali Linux | apt-get install logwatch |
| CentOS | yum install logwatch |
| Fedora | dnf install logwatch |
| Raspbian | apt-get install logwatch |
logwatch Command Examples
1. Analyze logs for a range of dates at a certain level of detail:
# logwatch --range yesterday|today|all|help --detail low|medium|high
2. Restrict report to only include information for a selected service:
# logwatch --range all --service apache|pam_unix|etc
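As an added example (not from this page or the logwatch project), the following POSIX shell helper takes a logwatch sshd report, such as the output of logwatch --range yesterday --detail high --service sshd --output stdout, and prints every source address whose failed-login count exceeds a threshold. The function name, the threshold, and the "Failed logins from:" block layout of the constructed sample report are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the logwatch project. Parses the
# "Failed logins from:" block of a logwatch sshd report and prints
# "<count> <address>" for every source above a threshold, so a
# daily report can be turned into an alert instead of read by eye.

# flag_failed_logins THRESHOLD  (reads the report on stdin)
flag_failed_logins() {
    threshold="$1"
    awk -v thr="$threshold" '
        /^ *Failed logins from:/ { inblock = 1; next }   # block starts here
        inblock && /^ *$/        { inblock = 0 }         # blank line ends it
        inblock && /: *[0-9]+ times?$/ {
            n = $(NF - 1) + 0        # count sits just before "time(s)"
            host = $1                # address is the first field
            sub(/:$/, "", host)      # drop trailing colon when no hostname
            if (n > thr) print n, host
        }
    '
}

# Constructed sample report (assumed layout of a logwatch sshd section).
SAMPLE_REPORT='
 --------------------- SSHD Begin ------------------------

 Failed logins from:
    192.0.2.10 (host.example): 5 times
    198.51.100.7: 12 times
    203.0.113.9: 1 time

 Users logging in through sshd:
    alice:
       203.0.113.5: 3 times

 ---------------------- SSHD End -------------------------
'

# Demo on the constructed sample; prints "12 198.51.100.7".
printf '%s\n' "$SAMPLE_REPORT" | flag_failed_logins 10

# Real run (needs logwatch installed and root privileges):
# logwatch --range yesterday --detail high --service sshd --output stdout \
#     | flag_failed_logins 10
```

Pipe the result to your mailer or ticketing tool, or tune the threshold to match the noise level of the host.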