Logwatch's main configuration file is most often located in /etc/log.d/logwatch.conf. This file uses a very simple format:
parameter = value
The default configuration file is very well documented, so we will simply point out some of the more important parameters which you should be aware of.
# Default person to mail reports to. Can be a local account or a
# complete email address.
MailTo = root
Again, you probably want to alias root's mail in your MTA instead of changing the recipient in each individual program's configuration, Logwatch's included.
# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
# Archives = Yes
# Range = All
Logwatch can be set to monitor archives created by logrotate.
# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = Low
This is the default detail level for the report. I typically opt to set this to Medium or above.
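The parameters above can be checked mechanically. The following is an added example, not part of the original notes or of Logwatch itself: it parses the parameter = value format and flags the points made above (Detail below Med, Archives = Yes with a one-day Range, MailTo left at root). The function names, the sample file and the case-insensitive handling of parameter names are assumptions of the example.

```python
# Added example: audit a logwatch.conf-style file. Not Logwatch's own code.
DETAIL_LEVELS = {"low": 0, "med": 5, "high": 10}  # from the config comments

# Constructed sample configuration, embedded so the example runs offline.
SAMPLE_CONF = """\
# Default person to mail reports to.
MailTo = root
Archives = Yes
Range = Yesterday
Detail = Low
"""

def parse_conf(text):
    """Parse 'parameter = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Assumption of this example: parameter names are case-insensitive.
        settings[key.strip().lower()] = value.strip()
    return settings

def detail_value(settings):
    """Return Detail as a number (Low/Med/High or numeric), None if unset."""
    raw = settings.get("detail")
    if raw is None:
        return None
    if raw.lower() in DETAIL_LEVELS:
        return DETAIL_LEVELS[raw.lower()]
    return int(raw)  # raises ValueError on anything else

def audit(settings):
    """Return a list of findings based on the notes' recommendations."""
    findings = []
    level = detail_value(settings)
    if level is not None and level < DETAIL_LEVELS["med"]:
        findings.append("Detail is below Med")
    archives = settings.get("archives", "").lower() == "yes"
    if archives and settings.get("range", "").lower() in ("yesterday", "today"):
        findings.append("Archives = Yes does little with a one-day Range")
    if settings.get("mailto", "").lower() == "root":
        findings.append("MailTo is root: check that the MTA aliases root's mail")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print(finding)
```
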
Logfile Configurations
Logwatch also has a directory which contains configuration files for each log to monitor. These files are usually found in /etc/log.d/conf/logfiles.
You are generally safe to leave these to their defaults from your vendor. The most common reason to modify or add entries in this directory is to include additional logs in Logwatch's monitoring activities.
For more information on making your own log filters, consult this document: