
How to Install and Configure Logwatch Log Analyzer for Enhanced System Monitoring


Objective

Applications generate essential records known as "log files" to document ongoing activities. These files, though more than simple text outputs, can be intricate to navigate, especially on a bustling server. When it becomes necessary to consult these log files, such as during system failures or data losses, leveraging available tools becomes crucial. Being able to quickly parse the information these files hold about past events, and to analyze the exact sequence of occurrences, is paramount in devising effective solutions.

This article delves into Logwatch, a potent log parser and analyzer designed to alleviate the challenges faced by dedicated system administrators when addressing tasks and issues related to applications. Discover how Logwatch can significantly streamline the life of a system administrator by providing valuable insights into application-related events.

What are log files?

In essence, log files encompass the actions and events occurring within a specified time frame. An effective log file should offer comprehensive details to assist administrators, tasked with system maintenance, in locating precise information for specific purposes. Consequently, log files tend to be extensive, containing numerous repetitions and mostly redundant entries. Thorough analysis and filtering are essential to extract meaningful insights for human comprehension.

Administrators continue to rely on logs to keep systems such as servers running smoothly. These application-generated files play a pivotal role in retracing and understanding past events, for purposes ranging from full or partial data recovery (transaction logs) to performance and strategy analysis (server logs) and future adjustments (access logs).

Enter Logwatch, a purpose-built computer application, stepping in to handle this intricate task. Learn how Logwatch's capabilities can efficiently navigate through the complexity of log files, providing administrators with the pertinent information needed for effective system management.

Introducing Logwatch

Log management encompasses critical tasks such as search, log rotation/retention, and reporting. Addressing the intricacies of this field, Logwatch emerges as a valuable application, streamlining log management through daily analysis and reporting of concise digests derived from the activities occurring on your machine.

Logwatch's reports are meticulously categorized based on the services (applications) operating on your system. This categorization is customizable, allowing you to include specific services or aggregate them all, depending on your preferences. Tailoring Logwatch to your needs is a breeze, facilitated by its user-friendly configuration file. Moreover, Logwatch extends its functionality by enabling the creation of custom analysis scripts, catering to specific requirements and enhancing its adaptability to diverse scenarios.

Explore how Logwatch empowers users with efficient log management, providing insights and reports that simplify the complexities of monitoring and analyzing activities on your machine.

Let’s Get Started

Step 1: Install Logwatch

1.1 Install logwatch

Let’s install logwatch using the following command at the terminal:

Code

                $ sudo apt install logwatch
            

1.2 Create a temporary directory

We will also need to manually create a temporary directory for it to work:

Code

                $ sudo mkdir /var/cache/logwatch
            

Step 2: Configure Logwatch

2.1 Copy the configuration file

Logwatch’s default configuration is at /usr/share/logwatch/default.conf/logwatch.conf. Changes made directly to that file can be overwritten during updates, so instead let’s copy the file into /etc/logwatch/conf/ and modify it there:

Code

                $ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
            

2.2 Edit the configuration file

Open /etc/logwatch/conf/logwatch.conf in any text editor (we love to use nano). The uncommented lines indicate the default configuration values. First, let’s customise some of the basics:

Code

                Output = mail
                MailTo = me@example.com
                MailFrom = logwatch@example.com
                Detail = Low
                Service = All
            

This assumes you’ve already set up mail services on the host that will allow mail to be delivered to your me@example.com address. These emails will be addressed from logwatch@example.com.

The Detail level defines how much information is included in the reports. Possible values are: Low, Medium, and High.

If you wish to receive reports only for specific services, replace Service = All with one line per service (Service = [name]), for example:

Code

                # Report only on these services (no Service = All line)
                Service = sendmail
                Service = http
                Service = nginx
                Detail = Low
                ...
            

Save and Close the file

Step 3: Running Logwatch Manually

Please note that you can run Logwatch manually whenever needed through the command line.

Here are the available options:

Code

                logwatch [--detail level] [--logfile log-file-group] [--service service-name] [--print]
                         [--mailto address] [--archives] [--range range] [--debug level] [--save file-name]
                         [--logdir directory] [--hostname hostname] [--splithosts] [--multiemail]
                         [--output output-type] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
            

Let’s try to get the logs for today. By doing this we will also ensure that our configuration changes are valid.

Code

                $ sudo logwatch --detail Low --range today
            

The Ubuntu manpage for Logwatch lists more options for working with logwatch.
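Before relying on the scheduled reports, it helps to check the override file from Step 2 for settings that silently change what gets reported. The following is an added example, not part of the original article or of the Logwatch project; the function name lint_logwatch_conf is hypothetical, and it assumes that a Service = All line takes precedence over named services and that a leading "-" marks an excluded service.

```shell
#!/usr/bin/env bash
# Added example: lint the logwatch.conf edited in Step 2.
# Covers only the settings this article touches: Output, MailTo, Service.

lint_logwatch_conf() {
    # $1: path to a logwatch.conf. Prints one finding per line.
    # Returns 0 when clean, 1 when there are findings, 2 if unreadable.
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk -F= '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop "Key = "
            sub(/[ \t]+$/, "", val)                 # drop trailing blanks
            gsub(/"/, "", val)                      # values may be quoted
        }
        key == "output"  { output = tolower(val) }
        key == "mailto"  { mailto = val }
        key == "service" {
            if (tolower(val) == "all") all = 1
            else if (val !~ /^-/) named++           # assumption: "-name" excludes
        }
        END {
            if (output != "" && output !~ /^(stdout|mail|file)$/) {
                print "Output = " output " is not stdout, mail or file"; bad = 1
            }
            if (output == "mail" && mailto == "") {
                print "Output = mail but this file sets no MailTo"; bad = 1
            }
            if (all && named) {
                # Assumption: All wins, so the report is not limited as intended.
                print "Service = All is set alongside " named " named Service line(s)"
                bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Usage: lint_logwatch_conf /etc/logwatch/conf/logwatch.conf
```

A non-zero return with the "Service = All" finding usually means the default line was left in place when the named services were added.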

As we conclude the seamless installation and fine-tuning of Logwatch, we've not just implemented a powerful log analyzer but equipped ourselves with a valuable ally in navigating the intricate landscapes of system monitoring. With Logwatch diligently at work, you're now poised to effortlessly unravel the insights within your log files, ensuring a proactive and efficient approach to system administration. Here's to simplified log management and a more streamlined journey ahead!
