Master Logwatch: Install and Analyze Linux Logs Efficiently

Linux Log Analysis Tool (logwatch) Installation and Usage

Logs are crucial system files; administrators spend time analyzing them to assess server health. Manually checking every log is tedious, and skipping this step can lead to serious problems.

Log analysis tools automate the process: they parse logs, summarize the results, and email the report to the root user, allowing admins to review a single email each day instead of opening many files.

CentOS includes Logwatch but does not install it by default in the "Basic Server" setup. Install it with the following command: yum -y install logwatch After installation, copy the default configuration file to the active location:

cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf

The configuration file contains many comments; after removing them, the essential settings are:

LogDir = /var/log
TmpDir = /var/cache/logwatch
MailTo = root
MailFrom = Logwatch
Print =
Range = yesterday
Detail = Low
Service = All
Service = "-zz-network"
Service = "-zz-sys"
Service = "-eximstats"

These defaults work for most cases. Logwatch is scheduled to run daily by cron via the 0logwatch script placed in /etc/cron.daily/. To execute it immediately, run: logwatch The generated email contains sections such as Connections, SSHD activity, installed packages (yum), and disk space usage, providing concise statistics and details for each area.

Using Logwatch greatly simplifies log management on Linux. While many other log analysis tools exist, this article focuses on the built‑in Logwatch provided by CentOS.