Install Logwatch in Linux CentOS

Logwatch is a Linux application that parses log files, analyses them and sends periodic reports, based on specific criteria, to one or more email addresses.
To install Logwatch on CentOS, issue the following command:

yum install logwatch

Edit the configuration file:

nano /usr/share/logwatch/default.conf/logwatch.conf

Check and edit the following directives in order to suit your needs:

LogDir = /var/log
MailFrom = Logwatch@mydomain.com
# Range: yesterday (or today)
Range = yesterday
# Detail: Low, Medium, High
Detail = Medium
# Service: all (other examples would be httpd, sshd2, ftp)
Service = all

Run logwatch manually:

logwatch --detail High --mailto myemail@domain.com --service http --range today

The output should look like this:

 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue May 19 14:21:59 2015
        Date Range Processed: today
                              ( 2015-May-19 )
                              Period is day.
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: nix
  ##################################################################

 --------------------- courier mail services Begin ------------------------

 **Unmatched Entries**
   courier-pop3d - 2 Times
      Connection, ip=[::ffff:182.118.53.150] - 1 Time
      Disconnected, ip=[::ffff:182.118.53.150] - 1 Time



 ---------------------- courier mail services End -------------------------


 --------------------- Cron Begin ------------------------

sshd:
    Authentication Failures:
       root (43.255.188.163): 4930 Time(s)
       root (43.255.188.155): 3524 Time(s)
       root (61-218-247-185.hinet-ip.hinet.net): 925 Time(s)
       unknown (61-218-247-185.hinet-ip.hinet.net): 391 Time(s)
       root (61.133.63.14): 137 Time(s)
       root (58.218.205.72): 114 Time(s)
       root (222.186.160.48): 98 Time(s)
       root (218.65.30.61): 90 Time(s)
       root (221.229.166.81): 80 Time(s)
       root (58.218.205.66): 69 Time(s)
       root (58.218.199.195): 68 Time(s)
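
A report like the one above is easier to act on when the sshd failures are reduced to the sources worth reviewing. The following script is an added example, not part of the original post: it reads a Logwatch report on stdin and prints every "Authentication Failures" entry at or above a threshold, highest count first. It assumes the entry layout shown in the sample output above; the function names, the threshold of 50 and the sample report (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the sshd "Authentication Failures" block of a
# Logwatch report. Output is "count user source", highest count first.

# failed_auth_sources THRESHOLD   (reads a Logwatch report on stdin)
failed_auth_sources() {
    awk -v min="$1" '
        # The block starts right after this heading.
        /Authentication Failures:/ { in_block = 1; next }
        # The first line that is not "user (source): N Time(s)" ends it.
        in_block && !match($0, /\([^)]+\): [0-9]+ Time\(s\)/) { in_block = 0 }
        in_block {
            user  = $1
            entry = substr($0, RSTART + 1, RLENGTH - 1)  # "source): N Time(s)"
            src = entry; sub(/\).*/, "", src)            # keep the source only
            n = entry; sub(/^[^)]*\): /, "", n); sub(/ .*/, "", n)
            if (n + 0 >= min + 0) print n, user, src
        }
    ' | sort -rn
}

# Constructed sample report (documentation addresses, not real hosts).
sample_report() {
    cat <<'EOF'
 --------------------- SSHD Begin ------------------------

sshd:
    Authentication Failures:
       root (192.0.2.10): 4930 Time(s)
       unknown (scanner.example.net): 391 Time(s)
       root (198.51.100.7): 68 Time(s)
       admin (203.0.113.5): 3 Time(s)

 ---------------------- SSHD End -------------------------
EOF
}

# List sources with 50 or more failed logins in the sample report.
sample_report | failed_auth_sources 50
```

To use it on a real report, pipe the Logwatch output into `failed_auth_sources` instead of `sample_report`.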
