How to change Logwatch email notification

Server administrators often use to add their own email id to receive all server notifications.

This should not be done this way, instead you should add your team DL (Linux team DL) so that everyone on your team can receive this alert and act accordingly.

If it is not configured with your DL, refer the following steps to configure it.

What’s Logwatch?

Logwatch is a system log analyzer and reporter.

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and generate a report and then mail the details.

This report will help you identify if any errors or warnings have been reported on the system.

Use the find command to search for the logwatch.conf file.

$ sudo find / -name logwatch.conf

/etc/logwatch/conf/logwatch.conf
/usr/share/logwatch/default.conf/logwatch.conf

Once you get the configuration file. Open the file and search for the word MailTo and change your DL.

$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf

MailTo = [email protected]

If you want to add multiple email ids, use commas (,).

$ sudo nano /usr/share/logwatch/default.conf/logwatch.conf

MailTo = [email protected],[email protected]

Bonus tips

By default, this will not enable all the features and you will need to configure the required services based on your needs.

To do so, navigate to the logwatch service directory where you can see all services configuration files.

$ cd /usr/share/logwatch/default.conf/services

Finally, edit it based on your requirements.

$ sudo vi xyz.conf

For instance, modify the below config file to get a disk space alert.

$ sudo vi zz-disk_space.conf

#New disk report options
#Uncomment this to show the home directory sizes
$show_home_dir_sizes = 1
$home_dir = "/home"

#Uncomment this to show the mail spool size
$show_mail_dir_sizes = 1
$mail_dir = "/var/spool/mail"

#Uncomment this to show the system directory sizes /opt /usr/ /var/log
$show_disk_usage = 1

Once you have made changes, run the logwatch command manually in a debug mode and check for errors.

$ sudo /usr/sbin/logwatch -d /usr/share/logwatch/default.conf/services/zz-disk_space.conf

When all is done, you can manually run the logwatch without the options to test it.

$ sudo logwatch

 ################### Logwatch 7.5.2 (07/22/19) #################### 
        Processing Initiated: Wed Jan 20 15:59:12 2021
        Date Range Processed: yesterday
                              ( 2021-Jan-19 )
                              Period is day.
        Detail Level of Output: /usr/share/logwatch/default.conf/services/zz-disk_space.conf
        Type of Output/Format: stdout / text
        Logfiles for Host: 2daygeek
 ################################################################## 
 
 --------------------- dpkg status changes Begin ------------------------ 

 Upgraded:
    python3-pil:amd64 7.0.0-4ubuntu0.1 => 7.0.0-4ubuntu0.2
    xserver-common:all 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
    xserver-xephyr:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
    xserver-xorg-core:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
    xserver-xorg-legacy:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
    xwayland:amd64 2:1.20.9-2ubuntu1.1~20.04.1 => 2:1.20.9-2ubuntu1.2~20.04.1
 
 Removed:
    linux-modules-extra-5.4.0-59-generic:amd64 5.4.0-59.65
    linux-modules-nvidia-450-5.4.0-59-generic:amd64 5.4.0-59.65
 
 ---------------------- dpkg status changes End ------------------------- 

 
 --------------------- Kernel Begin ------------------------ 

 
 WARNING:  Kernel Errors Present
    iwlwifi 0000:08:00.0: Direct firmware load for iwl-debug-yoyo.bin failed with error -2 ...:  2 Time(s)
 
 ---------------------- Kernel End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 polkit-1:
    Sessions Opened:
       magi -> root: 4 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    PackageKit: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0): 3 Time(s)
    PackageKit: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh: 3 Time(s)
    gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring: 2 Time(s)
    gdm-password]: gkr-pam: stashed password to try later in open session: 2 Time(s)
    gdm-password]: gkr-pam: unable to locate daemon control file: 2 Time(s)
    gnome-keyring-daemon: The PKCS#11 component was already initialized: 2 Time(s)
    gnome-keyring-daemon: The Secret Service was already initialized: 2 Time(s)
    systemd-logind: Lid closed.: 1 Time(s)
    systemd-logind: Operation 'sleep' finished.: 1 Time(s)
    systemd-logind: Suspending...: 2 Time(s)
    systemd-logind: System is rebooting.: 1 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- stunnel Begin ------------------------ 

 Argument "/usr/share/logwatch/default.conf/services/zz-disk_space...." isn't numeric in numeric gt (>) at /usr/share/logwatch/scripts/services/stunnel line 170.
 
 ---------------------- stunnel End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem      Size  Used Avail Use% Mounted on
 /dev/nvme0n1p5  234G   51G  172G  23% /
 /dev/loop1       56M   56M     0 100% /snap/core18/1944
 /dev/loop2      218M  218M     0 100% /snap/gnome-3-34-1804/60
 /dev/loop0       56M   56M     0 100% /snap/core18/1932
 /dev/loop3       65M   65M     0 100% /snap/gtk-common-themes/1514
 /dev/loop4       52M   52M     0 100% /snap/snap-store/498
 /dev/loop5       52M   52M     0 100% /snap/snap-store/518
 /dev/loop6       32M   32M     0 100% /snap/snapd/10707
 /dev/loop7       32M   32M     0 100% /snap/snapd/10492
 /dev/loop8      219M  219M     0 100% /snap/gnome-3-34-1804/66
 /dev/loop9       63M   63M     0 100% /snap/gtk-common-themes/1506
 /dev/nvme0n1p1  511M  4.0K  511M   1% /boot/efi
 /dev/sda2       932G  706G  226G  76% /media/magi/DATA
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

Conclusion

In this tutorial, we have shown you how to change the Logwatch email notification and how to configure the services in the Logwatch.

About Magesh Maruthamuthu

Love to play with all Linux distribution

View all posts by Magesh Maruthamuthu

Leave a Reply

Your email address will not be published. Required fields are marked *