I‘m using Logwatch for reporting on unusual items in syslog. I’ve central logserver up and running. All other Linux servers send logs to a remote loghost called log.example.com. How do I configure Logwatch on the central log server so that it will send daily logs messages in a single e-mail?
logwatch is system log analyzer and reporter. It will go through your logs for a given period of time and make a report in he areas that you wish with the detail that you wish.
Logwatch is being used for Linux and many types of UNIX. Logwatch will separate entries by hostname, if you set SplitHosts to yes. Make sure the option MultiEmail is set to no in order to send a single e-mail message.
Step #1: Configuration Logwatch On The Central Log Server
You need to edit the /etc/logwatch/conf/logwatch.conf file on the central log server. Edit the file using vi text editor, enter:
# vi /etc/logwatch/conf/logwatch.conf
Update / add settings as follows:
SplitHosts = yes HostLimit = no MultiEmail = no
Step # 2: Disable Logwatch On Other Servers
Now you’ve a central logserver which has been configured to report on logs received from all systems. You need to disable logwatch cron job on on all other boxes:
# mv /etc/cron.daily/0logwatch /path/to/backup
Alternatively, you can simply remove the logwatch package:
# rpm -e logwatch
|Category||List of Unix and Linux commands|
|Firewall||CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04|
|Network Utilities||dig • host • ip • nmap|
|OpenVPN||CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04|
|Package Manager||apk • apt|
|Processes Management||bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time|
|Searching||grep • whereis • which|
|User Information||groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w|
|WireGuard VPN||CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04|