In this post we will see how to install Logwatch on Debian 7. Logwatch is a Perl-based server/system log monitoring tool that makes it very easy to monitor system logs. It can mail the log report, in a nice HTML format, to the address specified in its configuration file.
The first thing we will do is set up a basic SMTP server that listens only on localhost. This should not be a major concern because every Debian installation comes with a basic SMTP service listening on localhost. By default exim4 is installed and takes care of SMTP. However, I like postfix to take care of SMTP services, so I will go ahead and remove exim4 and install postfix.
root@example:~# apt-get remove --purge exim4 exim4-config
root@example:~# apt-get install postfix bsd-mailx
While installing postfix, you are asked to select the type of mail server and the FQDN of the mail server. Just select localhost for the mail server type and you may use the FQDN of your choice.
The main configuration file of postfix, “main.cf”, resides in the “/etc/postfix/” directory. We will take a backup of it and edit the file to make two important changes, to the “default_transport” and “relay_transport” parameters. Taking a backup of “main.cf” is highly recommended. If we make some unexpected changes in it, we can easily revert.
root@example:~# cp -R /etc/postfix/main.cf /etc/postfix/main.cf.bak
By default, the “default_transport” and “relay_transport” parameters look like the lines below, with a value of error. With this value, sending mail fails.
default_transport = error
relay_transport = error
We will change it to point to a value of relay so that mail sending does not fail.
default_transport = relay
relay_transport = relay
That’s it. We are done.
Next, we will install logwatch and do a basic setup for server log watching.
root@example:~# apt-get install logwatch
The main configuration file of logwatch “logwatch.conf” resides in “/usr/share/logwatch/default.conf”. We will take a backup of it.
root@example:~# cp -R /usr/share/logwatch/default.conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf.bak
Now we will edit the “logwatch.conf” file to change the “Output”, “Format”, “MailTo” and “Detail” parameters. The changes look something like this:
Output = mail # By default the value is set to 'stdout'
Format = html # By default the value is set to 'text'
MailTo = email@example.com # By default the value is set to 'root'. Change it to your mail ID instead of 'email@example.com'
Detail = Med # By default the value is set to 'Low'. You may use 'High' as well.
Please note that the ‘MailTo’ value can be left pointing at ‘root’, in which case we have to define an alias, which says to whom the mails for ‘root’ should be forwarded. This alias can be defined in the “/etc/aliases” file. Take a backup of it. Check the file and, if the alias is not defined, put an entry at the bottom of the file as below:
# Define your mail ID instead of 'email@example.com'.
# Keep comments on their own line: the aliases file does not allow a comment after an entry.
root: email@example.com
Also you will need to run the command “newaliases” to incorporate this change.
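The dependency between ‘MailTo’ and the ‘root’ alias described above, as an added example that is not part of the original post: a shell check that reads a logwatch.conf and an aliases file and prints the address the report will actually reach. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: work out where the Logwatch
# report will be delivered from the two files edited above.

# conf_value FILE KEY: last uncommented "KEY = value" in FILE, with a
# trailing "# comment" stripped. Matching is case-sensitive (assumption:
# keys are spelled as in this post).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# root_alias FILE: target of the "root:" line in an aliases file.
root_alias() {
    sed -n 's/^root:[[:space:]]*//p' "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# report_destination LOGWATCH_CONF ALIASES: print the remote address the
# report reaches; return 1 if it is not mailed or stays in a local mailbox.
report_destination() {
    [ "$(conf_value "$1" Output)" = "mail" ] || {
        echo "Output is not 'mail': no report is mailed" >&2; return 1; }
    dest=$(conf_value "$1" MailTo)
    # MailTo = root (the default) is only useful with a root alias.
    [ "${dest:-root}" = "root" ] && dest=$(root_alias "$2")
    case "$dest" in
        *@*) echo "$dest" ;;
        *)   echo "reports stay in a local mailbox (${dest:-root})" >&2
             return 1 ;;
    esac
}

# Constructed sample files standing in for logwatch.conf and /etc/aliases.
demo=$(mktemp -d)
printf '%s\n' "Output = mail   # default is 'stdout'" 'Format = html' \
    'MailTo = root' 'Detail = Med' > "$demo/logwatch.conf"
printf '%s\n' '# See man 5 aliases' 'postmaster: root' \
    'root: admin@example.com' > "$demo/aliases"
report_destination "$demo/logwatch.conf" "$demo/aliases"   # admin@example.com
rm -rf "$demo"
```

On the server, call report_destination with /usr/share/logwatch/default.conf/logwatch.conf and /etc/aliases as its two arguments.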
Now just run the command “logwatch” and a report will be mailed to you.
When logwatch is installed, a cron job is also created, which runs logwatch daily and sends the report to the specified mail ID.
That's it. Now we have a daily log monitoring setup ready for our server.