How to Install and Use Logwatch for Automated Linux Log Analysis
This guide explains how to install Logwatch on CentOS, configure its settings, run it manually or via daily cron, and interpret the sample email output that summarizes system logs, SSH activity, installed packages, and disk usage.
Log files are essential for monitoring Linux servers, but manually inspecting them is tedious. Logwatch provides automated analysis and emails summaries to the root user.
On CentOS the tool is not installed by default in the “Basic Server” profile, so you must install it manually:
# yum -y install logwatch
After installation, create a usable configuration by copying the template:
# cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf
Edit /etc/logwatch/conf/logwatch.conf and set the most relevant options (example values shown):
LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print =
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"
The configuration file needs only minimal changes; the default settings already cause Logwatch to run daily via a cron job placed in /etc/cron.daily/0logwatch.
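The following script is an added example, not part of the original article or of Logwatch itself. It audits a logwatch.conf for the options set above: that MailTo has a recipient, that Range matches the daily cron run, and that no Service = "-sshd" line drops SSH activity from the report. The function names and the three checks are choices made for this example, and the sample file is constructed from a subset of the values shown in this guide.

```shell
#!/bin/sh
# Added example: audit a logwatch.conf. Function names and checks are this example's own.

# lw_get FILE KEY: print the last value assigned to KEY (case-insensitive).
lw_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            gsub(/^[ \t"]+/, "", v); gsub(/[ \t"]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

# lw_service_covered FILE NAME: succeed if NAME (or All) is listed and not "-NAME".
lw_service_covered() {
    awk -v svc="$2" '
        /^[ \t]*#/ { next }
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t"]/, "", v); v = tolower(v)
            if (tolower(k) != "service") next
            if (v == "all" || v == svc) on = 1
            if (v == ("-" svc)) off = 1
        }
        END { exit !(on && !off) }' "$1"
}

# lw_audit FILE: print one line per finding; return 1 if anything was flagged.
lw_audit() {
    rc=0
    [ -n "$(lw_get "$1" MailTo)" ] || { echo "MailTo is empty: nobody receives the report"; rc=1; }
    [ "$(lw_get "$1" Range | tr 'A-Z' 'a-z')" = yesterday ] || { echo "Range is not yesterday: daily runs may skip or repeat entries"; rc=1; }
    lw_service_covered "$1" sshd || { echo "sshd is not covered: SSH logins are missing from the report"; rc=1; }
    return $rc
}

# Constructed sample: a subset of the values shown in this guide.
lw_sample_conf() {
    printf '%s\n' 'LogDir = /var/log' 'MailTo = root' 'Range = yesterday' \
        'Detail = Low' 'Service = All' 'Service = "-zz-network"' \
        'Service = "-zz-sys"' 'Service = "-eximstats"' > "$1"
}

conf=$(mktemp) && lw_sample_conf "$conf"
lw_audit "$conf" && echo "logwatch.conf: no findings"
rm -f "$conf"
```

To check a real system, call lw_audit /etc/logwatch/conf/logwatch.conf after the function definitions.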
To trigger an immediate analysis, run:
# logwatch
The command generates an email containing sections such as Connections, SSHD activity, installed packages, and disk usage. A truncated example of the output is shown below:
######## Logwatch 7.3.6 (05/19/07) ################
Processing Initiated: Fri Jun 7 11:57:33 2013
Date Range Processed: all
Detail Level of Output: 0
...
--- Connections (secure-log) Begin ---
New Users: bb (501) def (503) ...
Failed logins: User root: (null): 3 Time(s)
--- SSHD Begin ---
SSHD Killed: 7 Time(s)
Users logging in through sshd: 192.168.0.104: 10 times ...
--- yum Begin ---
Packages Installed: perl-YAML-Syck-1.07-4.el6.i686 perl-Date-Manip-6.24-1.el6.noarch logwatch-7.3.6-49.el6.noarch
--- Disk Space Begin ---
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 20G 1.9G 17G 11% /
/dev/sda1 194M 26M 158M 15% /boot
...
With Logwatch configured, administrators receive concise daily reports, freeing them from the repetitive task of opening each log file. Although CentOS ships with Logwatch, many other log‑analysis tools are available for Linux, and users can choose the one that best fits their workflow.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge: fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc.