In this article, we will see how to install logwatch on Ubuntu 22.04. Logwatch is a log parsing and analysis tool widely used in Linux and Unix environments. It helps system administrators monitor and review activity on their servers: it parses the system's log files and generates a report summarizing the activities and issues it finds. It is primarily used for monitoring system health, security audits, and troubleshooting. It is also easy to install and use on almost all popular platforms. Here we will see the steps to install logwatch on Ubuntu 22.04 based systems.
Important Features
- Customizable Detail Levels: Reports can be customized with different detail levels (Low, Medium, High), allowing users to control the amount of information provided.
- Flexible Output Formats: Supports various output formats including plain text, HTML, and can be easily sent via email or saved to a file.
- Service-Specific Reports: Logwatch is capable of generating reports for specific services like Apache, SSHD, FTP, and more, each with their unique log formats.
- Regular Expressions for Parsing: Uses regular expressions to parse log entries, making it highly adaptable to different log formats.
- Automated Reports via Cron: Typically set up to run automatically via cron jobs, providing daily, weekly, or custom frequency reports.
- Support for Numerous Log Files: It supports a wide range of log files and services, making it a versatile tool for comprehensive log analysis.
How to Install logwatch on Ubuntu 22.04 [Simple Steps]
Step 1: Prerequisites
a) You should have a running Ubuntu 22.04 server.
b) You should have sudo or root access to run privileged commands.
c) You should have the apt or apt-get utility available on your server.
Step 2: Update Your Server
First, update all your installed packages to the latest version by running the sudo apt update && sudo apt upgrade command as shown below. This also keeps your system secure and stable by installing the latest security patches and bug fixes along with the feature upgrades.
socialyzehub@ubuntu:~$ sudo apt update && sudo apt upgrade
[sudo] password for socialyzehub:
Hit:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:4 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
gir1.2-keybinder-3.0 libkeybinder-3.0-0 python3-configobj python3-psutil
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back:
base-files gjs libgjs0g
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Step 3: Install logwatch
Then install the logwatch package from the default Ubuntu repo by running the sudo apt install logwatch command as shown below. This will download and install the package along with all its required dependencies.
socialyzehub@ubuntu:~$ sudo apt install logwatch
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
gir1.2-keybinder-3.0 libkeybinder-3.0-0 python3-configobj python3-psutil
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
libdate-manip-perl postfix
Suggested packages:
libsys-cpu-perl libsys-meminfo-perl procmail postfix-mysql postfix-pgsql postfix-ldap postfix-pcre postfix-lmdb postfix-sqlite sasl2-bin | dovecot-common resolvconf postfix-cdb postfix-mta-sts-resolver postfix-doc
The following NEW packages will be installed:
libdate-manip-perl logwatch postfix
0 upgraded, 3 newly installed, 0 to remove and 3 not upgraded.
Need to get 2,570 kB of archives.
After this operation, 19.2 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
...................................................
During installation, you will be asked to configure a mail server. Choose one of the mail server options from the list, then use Tab to move to Ok and proceed with the installation.
You will also be asked to provide the fully qualified domain name (FQDN) of your server. Enter a valid domain name, then use Tab to move to OK.
After a while, the installation will finish successfully.
Step 4: Verify Installation
After installing the package, you can verify its installation status by running the dpkg -s logwatch command as shown below. For more on dpkg command usage, see 21+ Practical dpkg Command Examples for Linux Beginners.
socialyzehub@ubuntu:~$ dpkg -s logwatch
Package: logwatch
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 2281
Maintainer: Ubuntu Developers <[email protected]>
Architecture: all
Version: 7.5.6-1ubuntu1
Depends: perl:any, default-mta | mail-transport-agent
Recommends: libdate-manip-perl
Suggests: libsys-cpu-perl, libsys-meminfo-perl
Conffiles:
 /etc/cron.daily/00logwatch 7dc8762056d74637d60b5523e9fa7981
....................................................
Step 5: Check Version
You can also check the currently installed version by using the logwatch --version command as shown below.
socialyzehub@ubuntu:~$ logwatch --version
Logwatch 7.5.6 (released 07/23/21)
Step 6: Configuring logwatch
Logwatch configuration is controlled through files located in /etc/logwatch/:
- /etc/logwatch/conf/logwatch.conf: The main configuration file.
- /etc/logwatch/conf/override.conf: Used to override default configurations.
- /etc/logwatch/conf/services/: Contains service-specific configurations.
- /etc/logwatch/conf/logfiles/: Contains logfile group configurations.
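You can configure Logwatch to monitor specific services by editing the files in /etc/logwatch/conf/services/. After finishing the configuration, you can test it by running the logwatch --detail High --output stdout --range yesterday command as shown below. The run below was made without sudo, so logwatch warns that it cannot read auth.log, mail.log, syslog and kern.log, and the report covers only dpkg status changes and disk space. Run the command with sudo to include those logs.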
socialyzehub@ubuntu:~$ logwatch --detail High --output stdout --range yesterday
File /var/log/auth.log is not readable. Check permissions. You are not running as superuser.
File /var/log/auth.log.1 is not readable. Check permissions. You are not running as superuser.
File /var/log/mail.log is not readable. Check permissions. You are not running as superuser.
File /var/log/mail.log.1 is not readable. Check permissions. You are not running as superuser.
File /var/log/syslog is not readable. Check permissions. You are not running as superuser.
File /var/log/syslog.1 is not readable. Check permissions. You are not running as superuser.
File /var/log/kern.log is not readable. Check permissions. You are not running as superuser.
File /var/log/kern.log.1 is not readable. Check permissions. You are not running as superuser.
################### Logwatch 7.5.6 (07/23/21) ####################
Processing Initiated: Sat Jan 20 01:36:45 2024
Date Range Processed: yesterday
( 2024-Jan-19 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: stdout / text
Logfiles for Host: ubuntu
##################################################################
--------------------- dpkg status changes Begin ------------------------
Installed:
libdate-manip-perl:all 6.86-1
logwatch:all 7.5.6-1ubuntu1
postfix:amd64 3.6.4-1ubuntu1.1
Upgraded:
binutils-common:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
binutils-x86-64-linux-gnu:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
binutils:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
gir1.2-javascriptcoregtk-4.0:amd64 2.42.3-0ubuntu0.22.04.1 => 2.42.4-0ubuntu0.22.04.1
gir1.2-webkit2-4.0:amd64 2.42.3-0ubuntu0.22.04.1 => 2.42.4-0ubuntu0.22.04.1
libbinutils:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
libctf-nobfd0:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
libctf0:amd64 2.38-4ubuntu2.4 => 2.38-4ubuntu2.5
libjavascriptcoregtk-4.0-18:amd64 2.42.3-0ubuntu0.22.04.1 => 2.42.4-0ubuntu0.22.04.1
libmm-glib0:amd64 1.20.0-1~ubuntu22.04.2 => 1.20.0-1~ubuntu22.04.3
libpam-modules-bin:amd64 1.4.0-11ubuntu2.3 => 1.4.0-11ubuntu2.4
libpam-modules:amd64 1.4.0-11ubuntu2.3 => 1.4.0-11ubuntu2.4
libpam-runtime:all 1.4.0-11ubuntu2.3 => 1.4.0-11ubuntu2.4
libpam0g:amd64 1.4.0-11ubuntu2.3 => 1.4.0-11ubuntu2.4
libwebkit2gtk-4.0-37:amd64 2.42.3-0ubuntu0.22.04.1 => 2.42.4-0ubuntu0.22.04.1
modemmanager:amd64 1.20.0-1~ubuntu22.04.2 => 1.20.0-1~ubuntu22.04.3
systemd-hwe-hwdb:all 249.11.4 => 249.11.5
tzdata:all 2023c-0ubuntu0.22.04.2 => 2023d-0ubuntu0.22.04
xserver-common:all 2:21.1.4-2ubuntu1.7~22.04.5 => 2:21.1.4-2ubuntu1.7~22.04.7
xserver-xephyr:amd64 2:21.1.4-2ubuntu1.7~22.04.5 => 2:21.1.4-2ubuntu1.7~22.04.7
xserver-xorg-core:amd64 2:21.1.4-2ubuntu1.7~22.04.5 => 2:21.1.4-2ubuntu1.7~22.04.7
xserver-xorg-legacy:amd64 2:21.1.4-2ubuntu1.7~22.04.5 => 2:21.1.4-2ubuntu1.7~22.04.7
xwayland:amd64 2:22.1.1-1ubuntu0.9 => 2:22.1.1-1ubuntu0.10
Removed:
logwatch:all 7.5.6-1ubuntu1
---------------------- dpkg status changes End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 98G 16G 77G 18% /
/dev/sda2 512M 6.1M 506M 2% /boot/efi
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
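A report produced without root looks normal but omits the authentication and system logs, which is easy to miss when reports are generated automatically. The following shell functions are an added example, not part of the original article: they scan a logwatch text report for "not readable" warnings and for missing sections. The sample report is constructed from the format shown above, and the section title "SSHD" is an assumption.

```shell
# Added example: audit a logwatch text report for coverage gaps.

# Constructed sample, trimmed from the report format shown above.
sample_report() {
cat <<'EOF'
File /var/log/auth.log is not readable. Check permissions. You are not running as superuser.
File /var/log/syslog is not readable. Check permissions. You are not running as superuser.
################### Logwatch 7.5.6 (07/23/21) ####################
--------------------- dpkg status changes Begin ------------------------
---------------------- dpkg status changes End -------------------------
--------------------- Disk Space Begin ------------------------
/dev/sda3 98G 16G 77G 18% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
EOF
}

# Print every log file the report says it could not read (stdin: report).
unreadable_logs() {
    sed -n 's/^File \(.*\) is not readable\..*$/\1/p'
}

# Print the title of every section, taken from its "Begin" banner.
report_sections() {
    sed -n 's/^ *-\{2,\} \(.*\) Begin -\{2,\} *$/\1/p'
}

# audit_report SECTION...  (stdin: report)
# Prints one SKIPPED/MISSING line per gap; returns 1 if any gap was found.
audit_report() {
    local report skipped sections want rc=0
    report=$(cat)
    skipped=$(printf '%s\n' "$report" | unreadable_logs)
    sections=$(printf '%s\n' "$report" | report_sections)
    if [ -n "$skipped" ]; then
        printf '%s\n' "$skipped" | sed 's/^/SKIPPED /'
        rc=1
    fi
    for want in "$@"; do
        if ! printf '%s\n' "$sections" | grep -qxF -- "$want"; then
            printf 'MISSING %s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# "SSHD" is an assumed section title; use the titles your own reports show.
sample_report | audit_report "Disk Space" "SSHD" || echo "report has coverage gaps"
```

To check a real report, pipe the output of the logwatch command into audit_report together with the section titles you expect to see.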
Step 7: Check all available options
You can check all the options available with the logwatch command by using logwatch --help as shown below.
socialyzehub@ubuntu:~$ logwatch --help
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]
[--format <format_type>] [--encode <encoding>] [--numeric]
[--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
[--filename <filename>] [--help|--usage] [--version] [--service <name>]
[--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--output <output type>: Report Output - stdout [default], mail, file.
--format <formatting>: Report Format - text [default], html.
--encode <encoding>: Encoding to use - none [default], base64, 7bit, 8bit [same as 'none'].
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
................................................
Step 8: Uninstall logwatch
Once you are done using logwatch, you can remove it from your system by running the sudo apt remove logwatch command as shown below. If you also want to remove all the dependencies, add the --auto-remove option to the command below.
socialyzehub@ubuntu:~$ sudo apt remove logwatch
[sudo] password for socialyzehub:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
gir1.2-keybinder-3.0 libdate-manip-perl libkeybinder-3.0-0 python3-configobj python3-psutil
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
logwatch
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 2,336 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 241506 files and directories currently installed.)
Removing logwatch (7.5.6-1ubuntu1) ...
Processing triggers for man-db (2.10.2-1) ...