Logwatch Log Analyzer and Reporter

Logwatch Log Analyzer and Reporter parses service-generated logs and emails them to you, so you do not have to look through them manually. This is handy for regularly analysing particular events and keeping a close eye on them. Begin by installing logwatch:


yum install logwatch

Edit /usr/share/logwatch/default.config/logwatch.conf to define some parameters:

MailTo = simon@magrin.one
MailFrom = alerts@magrin.one
Print = Yes
Save = /tmp/logwatch
Range = Today

The next step is optional, as Logwatch can email logs of interest by itself. However, the script below lets you set a subject and queue the report for sending. Create a script to run a daily report that will be emailed:

touch logwatch.sh
nano logwatch.sh

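#!/bin/bash

# Use a private temporary file rather than a predictable name in /tmp
report=$(mktemp) || exit 1
trap 'rm -f "$report"' EXIT

# Run logwatch in the foreground so the report is complete before it is mailed
/usr/sbin/logwatch --detail Low --range today --service all --service -amavis --service -dovecot --service -http --service -zz-network --service -zz-sys > "$report"
mail -s "Logwatch Report" -r 'mail<alerts@magrin.one>' simon@magrin.one < "$report"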

This will report on all services, excluding amavisd, dovecot, httpd, network status, system and kernel status. Tweak as needed as some of these logs can be repetitive, too verbose or duplicated from other logs. Update crontab to execute daily:

crontab -e
0 20 * * * /bin/bash /root/files/logwatch.sh
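
A stricter variant of the script above, as an added example that is not part of the original post: it mails a distinct alert when logwatch fails or produces nothing, so a broken report is not mistaken for a quiet day. The LOGWATCH_BIN and MAIL_BIN override variables, the return codes and the --run argument are assumptions of this example.

```bash
#!/bin/bash
# Added example, not the original post's script. LOGWATCH_BIN, MAIL_BIN and the
# --run argument are assumptions made here so the logic can be tested with stubs.
LOGWATCH_BIN=${LOGWATCH_BIN:-/usr/sbin/logwatch}
MAIL_BIN=${MAIL_BIN:-mail}
MAIL_TO=${MAIL_TO:-simon@magrin.one}
MAIL_FROM=${MAIL_FROM:-'mail<alerts@magrin.one>'}
# Services left out of the report, as in the post's script.
EXCLUDE="amavis dovecot http zz-network zz-sys"

# Returns 0 = report mailed, 1 = logwatch failed, 2 = empty report,
# 3 = no temporary file, 4 = mail command failed.
send_report() {
    local svc report rc subject status

    # Build: --service all --service -amavis --service -dovecot ...
    set -- --detail Low --range today --service all
    for svc in $EXCLUDE; do
        set -- "$@" --service "-$svc"
    done

    # mktemp creates an unpredictable file readable only by its owner.
    report=$(mktemp) || return 3

    # Run in the foreground so the report is complete before it is mailed;
    # stderr is captured too, so error text ends up in the alert.
    rc=0
    "$LOGWATCH_BIN" "$@" > "$report" 2>&1 || rc=$?

    if [ "$rc" -ne 0 ]; then
        subject="Logwatch FAILED (exit $rc)"; status=1
    elif [ ! -s "$report" ]; then
        echo "logwatch exited 0 but produced no output" > "$report"
        subject="Logwatch report EMPTY"; status=2
    else
        subject="Logwatch Report"; status=0
    fi

    "$MAIL_BIN" -s "$subject" -r "$MAIL_FROM" "$MAIL_TO" < "$report" || status=4
    rm -f "$report"
    return "$status"
}

# From cron: /bin/bash /root/files/logwatch.sh --run
if [ "${1:-}" = "--run" ]; then
    send_report
fi
```

Filtering the mailbox on the FAILED and EMPTY subjects makes a missing or broken daily report stand out.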