Logwatch is a log analysis tool used in Unix-like systems. It summarizes logs from various services such as Apache, PAM, SSH, and others into a single report. This report provides a summary of the system’s activity, including security-related information, for the specified time period (e.g. daily, weekly, etc.). Logwatch uses a flexible rule system to determine which log entries are interesting and important, and then formats the output into a readable report. The report is usually sent via email, although it can also be sent to a file or to standard output. Logwatch helps system administrators to monitor their systems by providing them with a concise, automated summary of log data.
If you see the following error when running logwatch:
logwatch: command not found
install the package for your distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install logwatch |
| Ubuntu | apt-get install logwatch |
| Arch Linux | pacman -S logwatch |
| Kali Linux | apt-get install logwatch |
| CentOS | yum install logwatch |
| Fedora | dnf install logwatch |
| Raspbian | apt-get install logwatch |
logwatch Command Examples
1. Analyze logs for a range of dates at a given level of detail:
# logwatch --range yesterday|today|all|help --detail low|medium|others
2. Restrict the report to a single service:
# logwatch --range all --service apache|pam_unix|etc
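As an added example (not part of the original page), a small POSIX shell wrapper around the two invocations above: it checks the `--range` and `--detail` values before calling logwatch, restricts the service name to safe characters, and writes the report to standard output so it can be reviewed or piped elsewhere. The function names are this example's own; `--output stdout` is a real logwatch option.

```shell
#!/bin/sh
# Added example: validate arguments, then run logwatch for one service.

# Accept only the range keywords shown on the page.
valid_range() {
    case "$1" in
        yesterday|today|all) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept the named detail levels or a numeric level 0-10.
valid_detail() {
    case "$1" in
        low|med|medium|high) return 0 ;;
        [0-9]|10) return 0 ;;
        *) return 1 ;;
    esac
}

# Service names are letters, digits, '_' or '-' only (e.g. sshd, pam_unix, all).
valid_service() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the logwatch command line for RANGE DETAIL SERVICE; return 1 if invalid.
build_logwatch_cmd() {
    valid_range "$1"   || { echo "bad range: $1" >&2; return 1; }
    valid_detail "$2"  || { echo "bad detail: $2" >&2; return 1; }
    valid_service "$3" || { echo "bad service: $3" >&2; return 1; }
    printf 'logwatch --range %s --detail %s --service %s --output stdout\n' \
        "$1" "$2" "$3"
}

# Run the report when logwatch is installed; otherwise only show the command.
run_logwatch_report() {
    cmd=$(build_logwatch_cmd "$@") || return 1
    if command -v logwatch >/dev/null 2>&1; then
        logwatch --range "$1" --detail "$2" --service "$3" --output stdout
    else
        echo "logwatch not installed; would run: $cmd" >&2
    fi
}
```

For example, `run_logwatch_report yesterday high sshd` prints yesterday's SSH summary to the terminal instead of mailing it.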