configuring logwatch on your server

Jump to: navigation, search

LogWatch is a standard Linux utility which sends you an email every day with a summary of the major events that happen on your server. The data can also be stored in logs located in the /tmp/logwatch directory -- be aware that these could be wiped out after a reboot.

You will see all successful and unsuccessful ssh logins and all unsuccessful ftp logins, virus definition upgrades, etc. For security reasons it is recommended that you review these emails every morning.

If you aren’t getting your daily emails or would like more details, the LogWatch configuration file is located here: /etc/log.d/logwatch.conf

Sometimes the LogWatch program needs to be started the first time with the command logwatch from the ssh prompt.