Episode: 431
Title: HPR0431: Logwatch
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0431/hpr0431.mp3
Transcribed: 2025-10-07 20:23:04
---
And today's episode is on Logwatch. Reading from the man pages, Logwatch is a customizable, pluggable log monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the details that you wish. Logwatch is being used for Linux and many different types of Unix.

So what is this application and why is it so useful? Well, there are two things that we all know we should do, but we all sometimes forget to do. One is backups, and that's already been addressed here in the Hacker Public Radio series. And the other is monitoring your log files. Now, on most systems, log files get stored in a directory called /var/log, and in there we'll see a whole series of log files. One of the most common ones is messages, and if you type dmesg on the command line, that is essentially a listing of /var/log/messages. Now the location of these log files will depend on the system that you're on, and how they're put in there will also depend on the system you're on. However, this is not an episode on syslog, although actually it's not a bad idea; we should do an episode on syslog.

Now in my /var/log/messages I see that there are log files for acpid, apt, aptitude, auth.log, daemon.log, debug, denyhosts, dmesg, kdm, kern.log, lpr.log, mail, messages. And essentially a lot of these subsystems which are... these are log files from different subsystems, and they're essentially defined by the syslog daemon, whichever one you happen to be running, and it dumps them in here. And they all contain valuable information that's very useful, and I'm sure we all go through those daily... not. Here's where Logwatch comes in. What it does is it's simply a series of scripts that have been built up over time. And they're Perl scripts, actually.
And what they do is they will parse through... they're aware of the format of various different programs, like, I don't know, proftpd or Apache or imapd, for instance. They're aware of the format of the log files and they have a good idea of what's important and what isn't. And what they do is they send you an email summary of what's important in those log files. So for example, I have it set up... well, actually, I installed it and did very little configuration. In fact, I did no configuration whatsoever. The email went to the root user, which I collect. And I get, once a day, a nice summary of various different things that are happening on my system. So for example, at the beginning I have a list of denied hosts; I'm running a script to ban users who connect in to SSH. And then I have a summary of the packages that were installed and removed. I have various different sections on smartd and the performance of my hard disks, the airflow and temperature and so forth. A summary of the sshd activity. If I had Apache here, I'd have a list of what's going on with Apache. At the end, I have a disk space summary. And if I had fortune installed, I would see a list of today's fortune. And all that's sent in a nice summary to me in an email, and it gives me a nice quick overview of what's going on in my different servers.

So that's pretty much that. Once you install it, it installs various different subdirectories in /etc/logwatch, and in there they create some subdirectories. But in actual fact, it puts most of its configuration into /usr/share/logwatch/default.conf. And in a folder called logfiles, it has the configuration for the log files. And in a folder called services, it has configuration for the services that it's going to monitor. So I see in here iptables, kernel, mailscanner, modprobe, and that sort of thing. They've broken out a subdirectory called /usr/share/logwatch/dist.conf.
And this is where the distro-specific log files are put in. I won't go too much into that because I'm really overcomplicating the whole thing. It is installed as an unforgettable type application, so long as you're reading the email from the root user. Now, what you can do is you can modify it so that it gets sent to another email address. But what I've done is I have all email from the root user being redirected to my email address, which I'll do another episode on. For now, I thought this would be a nice little short program that you could install yourself. And, fortunately, no configuration to do. One email a day and it gives you an idea of exactly what's going on in your server, so that you can sleep better at night.

Well, thank you for listening to Hacker Public Radio. Again, my name has been Ken Fallon. And tune in tomorrow for another exciting episode of Hacker Public Radio.
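Added example (not part of the episode): the override file a practitioner would write once they want the report to go somewhere other than root, or want more or less detail than the default. Logwatch reads /usr/share/logwatch/default.conf/logwatch.conf first, then the distro file under dist.conf, then /etc/logwatch/conf/logwatch.conf, and later files override earlier ones; the default.conf copy is replaced on package upgrades, so local changes belong in /etc/logwatch/conf. The mailbox addresses and the commented-out service list are assumptions for illustration.

```ini
# /etc/logwatch/conf/logwatch.conf  (local overrides; keys not set here keep
# the values from /usr/share/logwatch/default.conf/logwatch.conf)

# Deliver the daily report by mail rather than printing it to stdout
Output = mail
Format = text

# Send to a monitored mailbox instead of the local root user
# (addresses below are placeholders)
MailTo = ops@example.com
MailFrom = logwatch@example.com

# Summarise yesterday's entries; the daily cron job runs after midnight
Range = yesterday

# Low / Med / High, or 0-10. High lists individual sshd failures and
# logins rather than just counts, which is what you want for auth review.
Detail = High

# Services default to "All". To trim the report, either list only the
# services you care about, or keep All and subtract the noisy ones.
#Service = sshd
#Service = denyhosts
#Service = zz-disk_space
Service = All
Service = "-zz-fortune"
```

To check the result without sending mail, run the same settings from the command line once, e.g. `logwatch --output stdout --range yesterday --detail High --service sshd`; command-line options take precedence over the config files, so this is a safe way to preview a single service before changing the daily report.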