Knowledgebase:
Linux server weekly status email using Logwatch
Posted by Jared Thomas on 08 April 2017 10:57 AM
The following is directions on setting up a server to send a weekly status email with relevant information about system resource usage and activities. This summary isn't a substitute for a proper monitoring system but it can be a very useful tool for keeping an eye on multiple servers without having to expend too much effort. These directions are written for Ubuntu 16.04 but with some minor modification, they can be made to work with other versions and distros as well.
  1. sudo apt-get install fortune-mod libsys-cpu-perl libsys-meminfo-perl logwatch libdate-manip-perl
  2. sudo mkdir /var/cache/logwatch
  3. sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
  4. Configure logwatch with the following commands:
    1. sudo nano /etc/logwatch/conf/logwatch.conf and change the following lines:
    2. set MailFrom to an internal email address such as [email protected] This will help keep the message from getting flagged as spam.
    3. comment out the lines that start with Service = "-zz-network" and Service = "-zz-sys". This will add network and sys sections to the message.
  5. Set up cron with the following commands:
    1. sudo crontab -e and paste in the following at the bottom:
    2. 0 4 * * 1  /usr/sbin/logwatch --mailto [email protected] --output mail --format html --range 'between -7 days and today'
  6. run /usr/sbin/logwatch --mailto [email protected] --output mail --format html --range 'between -7 days and today' and check your email to confirm that the report arrived


Errata
  1. For the cron job, you can set whatever time you'd like. I recommend dedicating a time every week to reviewing logs, putting it on your calendar and then programming cron on all of your servers to send this report immediate beforehand.
  2. Logwatch relies on the local MTA to transmit email. By default, it will just send the email out from the server without using a relay. Depending on your network configuration, this may cause the messages to be flagged as spam in which case, you will need to configure a relay.
(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).