Home
»
How to Install and Use Logwatch on Your VPS for Daily Log Reporting

How to Install and Use Logwatch on Your VPS for Daily Log Reporting

Keeping an eye on system activity is crucial for server security and performance. But raw logs can be overwhelming. This is where Logwatch comes in — a log analyzer and email-based reporter that summarizes your VPS activity into a clear daily digest.

In this guide, you’ll learn how to install, configure, and automate Logwatch on a Linux VPS so you can stay informed with minimal effort.

🧰 What Is Logwatch?

Logwatch is a log parser and reporting tool that scans system log files, organizes entries by service, and sends you a daily email summary.

🔍 Key Benefits:

Automated daily reports
Organized by service (SSH, Apache, Cron, etc.)
Email delivery of results
Works on most Linux distros (CentOS, Debian, Ubuntu)

🛠️ Step 1: Install Logwatch

🔹 On Debian/Ubuntu:

bashCopyEditsudo apt update
sudo apt install logwatch -y

🔹 On CentOS/RHEL:

bashCopyEditsudo yum install logwatch -y

⚙️ Step 2: Basic Configuration

Check where Logwatch is installed:

bashCopyEditwhich logwatch
# Usually /usr/sbin/logwatch

Run a manual report:

bashCopyEditsudo logwatch --detail High --mailto [email protected] --range today --service all

Explanation:

--detail High: level of detail
--mailto: recipient of the report
--range today: logs from today
--service all: include all log services

🧩 Step 3: Customize Logwatch Defaults

Edit the default configuration file:

bashCopyEditsudo nano /usr/share/logwatch/default.conf/logwatch.conf

Set:

iniCopyEditMailTo = [email protected]
Detail = High
Range = yesterday

This sets Logwatch to send a detailed report of yesterday’s activity via email.

⏰ Step 4: Automate with Cron

Logwatch is often scheduled by default. To verify:

bashCopyEditcat /etc/cron.daily/0logwatch

If it’s not automated, add a cron job:

bashCopyEditsudo crontab -e

Add:

bashCopyEdit0 6 * * * /usr/sbin/logwatch --output mail --mailto [email protected] --detail high

This sends a report every day at 6:00 AM.

🔒 Step 5: Optional – Filter or Add Specific Services

You can limit which services Logwatch includes, such as:

bashCopyEdit--service sshd --service apache

Or exclude noisy ones for clarity:

bashCopyEdit--service all --service -cron

For persistent control, create a custom config under:

bashCopyEdit/etc/logwatch/conf/

🧠 Final Thoughts

Logwatch is a powerful tool to help you stay updated on your server’s status without drowning in raw logs. It’s lightweight, easy to use, and ideal for system admins who want a quick daily summary.