Difference between revisions of "Monitor System Logs On Ubuntu"
From Amahi Wiki
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | This will provide the capability to receive system logs via e-mail. There are many customizable features , but this will only identify the basic ones. | + | This will provide the capability to receive system logs via e-mail. There are many customizable features, but this will only identify the basic ones. |
| + | |||
| + | '''NOTE:''' You need to have email capability set up on your server. One way is using your [http://wiki.amahi.org/index.php/Gmail_As_Relay_On_Ubuntu Gmail account]. | ||
Reference: [https://help.ubuntu.com/community/Logwatch Logwatch Tutorial] | Reference: [https://help.ubuntu.com/community/Logwatch Logwatch Tutorial] | ||
* First, open a terminal window and become '''root'''. Enter the following to install: | * First, open a terminal window and become '''root'''. Enter the following to install: | ||
| − | <blockquote> | + | <blockquote><pre>sudo apt-get install logwatch</pre></blockquote> |
* There are some additional steps needed for Ubuntu to work correctly: | * There are some additional steps needed for Ubuntu to work correctly: | ||
| − | <blockquote> | + | <blockquote><pre>sudo mkdir /var/cache/logwatch |
| − | sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/ | + | sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/</pre></blockquote> |
* You can customize the settings by adding options to '''''/etc/logwatch/conf/logwatch.conf'''''. If you want the log in email vs screen output, change this line read: | * You can customize the settings by adding options to '''''/etc/logwatch/conf/logwatch.conf'''''. If you want the log in email vs screen output, change this line read: | ||
| − | <blockquote> | + | <blockquote><pre>Output <nowiki>=</nowiki> mail</pre></blockquote> |
* By default it sends the daily logwatch email to the local root mail box. To change it, edit this line (change user@yourisp.com to desired email address) to read: | * By default it sends the daily logwatch email to the local root mail box. To change it, edit this line (change user@yourisp.com to desired email address) to read: | ||
| − | <blockquote> | + | <blockquote><pre>MailTo <nowiki>=</nowiki> user@yourisp.com</pre></blockquote> |
* If you want the email in html vs text, change this line to read: | * If you want the email in html vs text, change this line to read: | ||
| − | <blockquote> | + | <blockquote><pre>Format <nowiki>=</nowiki> html</pre></blockquote> |
* To test, enter the command '''''logwatch''''' and go check your email. | * To test, enter the command '''''logwatch''''' and go check your email. | ||
| − | <blockquote> | + | <blockquote><pre>sudo logwatch</pre></blockquote> |
* Ensure sendmail or postfix is running (rerun command and change '''''status''''' to '''''start''''' if not): | * Ensure sendmail or postfix is running (rerun command and change '''''status''''' to '''''start''''' if not): | ||
| − | <blockquote> | + | <blockquote><pre>service sendmail status</pre> |
or | or | ||
| − | + | <pre>service postfix status</pre></blockquote> | |
'''Optional:''' | '''Optional:''' | ||
Latest revision as of 16:54, 9 January 2021
This will provide the capability to receive system logs via e-mail. There are many customizable features, but this will only identify the basic ones.
NOTE: You need to have email capability set up on your server. One way is using your Gmail account.
Reference: Logwatch Tutorial
- First, open a terminal window and become root. Enter the following to install:
sudo apt-get install logwatch
- There are some additional steps needed for Ubuntu to work correctly:
sudo mkdir /var/cache/logwatch sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
- You can customize the settings by adding options to /etc/logwatch/conf/logwatch.conf. If you want the log in email vs screen output, change this line read:
Output = mail
- By default it sends the daily logwatch email to the local root mail box. To change it, edit this line (change user@yourisp.com to desired email address) to read:
MailTo = user@yourisp.com
- If you want the email in html vs text, change this line to read:
Format = html
- To test, enter the command logwatch and go check your email.
sudo logwatch
- Ensure sendmail or postfix is running (rerun command and change status to start if not):
service sendmail statusor
service postfix status
Optional:
- These are a few more basic options that can be configured.
- Range = yesterday (default) - additional values are all or today.
- Detail = Low (default) - additional values are med or high. I set mine to med.
This application runs transparent in the background, once daily in the morning. If you want to run it more frequently (i.e. send logs for today), then change the range and execute the command logwatch as needed.
NOTE: If you want to forward these emails to another (including external) account, see Forward System Emails.
