Server administrators often use to add their own email id to receive all server notifications.
This should not be done this way, instead you should add your team DL (Linux team DL) so that everyone on your team can receive this alert and act accordingly.
If it is not configured with your DL, refer the following steps to configure it.
What’s Logwatch?
Logwatch is a system log analyzer and reporter.
Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and generate a report and then mail the details.
This report will help you identify if any errors or warnings have been reported on the system.
Use the find command to search for the logwatch.conf file.
$ sudo find / -name logwatch.conf /etc/logwatch/conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf
Once you get the configuration file. Open the file and search for the word MailTo and change your DL.
$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf MailTo = [email protected]
If you want to add multiple email ids, use commas (,).
$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf MailTo = [email protected],[email protected]
Bonus tips
By default, this will not enable all the features and you will need to configure the required services based on your needs.
To do so, navigate to the logwatch service directory where you can see all services configuration files.
$ cd /usr/share/logwatch/default.conf/services
Finally, edit it based on your requirements.
$ sudo vi xyz.conf
For instance, modify the below config file to get a disk space alert.
$ sudo vi zz-disk_space.conf #New disk report options #Uncomment this to show the home directory sizes $show_home_dir_sizes = 1 $home_dir = "/home" #Uncomment this to show the mail spool size $show_mail_dir_sizes = 1 $mail_dir = "/var/spool/mail" #Uncomment this to show the system directory sizes /opt /usr/ /var/log $show_disk_usage = 1
Once you have made changes, run the logwatch command manually in a debug mode and check for errors.
$ sudo /usr/sbin/logwatch -d /usr/share/logwatch/default.conf/services/zz-disk_space.conf
When all is done, you can manually run the logwatch without the options to test it.
$ sudo logwatch
################### Logwatch 7.5.2 (07/22/19) ####################
Processing Initiated: Wed Jan 20 15:59:12 2021
Date Range Processed: yesterday
( 2021-Jan-19 )
Period is day.
Detail Level of Output: /usr/share/logwatch/default.conf/services/zz-disk_space.conf
Type of Output/Format: stdout / text
Logfiles for Host: 2daygeek
##################################################################
--------------------- dpkg status changes Begin ------------------------
Upgraded:
python3-pil:amd64 7.0.0-4ubuntu0.1 => 7.0.0-4ubuntu0.2
xserver-common:all 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
xserver-xephyr:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
xserver-xorg-core:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
xserver-xorg-legacy:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
xwayland:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
Removed:
linux-modules-extra-5.4.0-59-generic:amd64 5.4.0-59.65
linux-modules-nvidia-450-5.4.0-59-generic:amd64 5.4.0-59.65
---------------------- dpkg status changes End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Kernel Errors Present
iwlwifi 0000:08:00.0: Direct firmware load for iwl-debug-yoyo.bin failed with error -2 ...: 2 Time(s)
---------------------- Kernel End -------------------------
--------------------- pam_unix Begin ------------------------
polkit-1:
Sessions Opened:
magi -> root: 4 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0): 3 Time(s)
PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh: 3 Time(s)
gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring: 2 Time(s)
gdm-password]: gkr-pam: stashed password to try later in open session: 2 Time(s)
gdm-password]: gkr-pam: unable to locate daemon control file: 2 Time(s)
gnome-keyring-daemon: The PKCS#11 component was already initialized: 2 Time(s)
gnome-keyring-daemon: The Secret Service was already initialized: 2 Time(s)
systemd-logind: Lid closed.: 1 Time(s)
systemd-logind: Operation 'sleep' finished.: 1 Time(s)
systemd-logind: Suspending...: 2 Time(s)
systemd-logind: System is rebooting.: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- stunnel Begin ------------------------
Argument "/usr/share/logwatch/default.conf/services/zz-disk_space...." isn't numeric in numeric gt (>) at /usr/share/logwatch/scripts/services/stunnel line 170.
---------------------- stunnel End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p5 234G 51G 172G 23% /
/dev/loop1 56M 56M 0 100% /snap/core18/1944
/dev/loop2 218M 218M 0 100% /snap/gnome-3-34-1804/60
/dev/loop0 56M 56M 0 100% /snap/core18/1932
/dev/loop3 65M 65M 0 100% /snap/gtk-common-themes/1514
/dev/loop4 52M 52M 0 100% /snap/snap-store/498
/dev/loop5 52M 52M 0 100% /snap/snap-store/518
/dev/loop6 32M 32M 0 100% /snap/snapd/10707
/dev/loop7 32M 32M 0 100% /snap/snapd/10492
/dev/loop8 219M 219M 0 100% /snap/gnome-3-34-1804/66
/dev/loop9 63M 63M 0 100% /snap/gtk-common-themes/1506
/dev/nvme0n1p1 511M 4.0K 511M 1% /boot/efi
/dev/sda2 932G 706G 226G 76% /media/magi/DATA
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
Conclusion
In this tutorial, we have shown you how to change the Logwatch email notification and how to configure the services in the Logwatch.
