Recommendation of log monitoring tool Logwatch

Nice to meet you! This is Tatsuno Information Systems Tokyo Team💻! In this article, we will introduce how to check and analyze Logs (logs) using Logwatch. Thank you for your cooperation.

Click here for table of contents

  • 1. what is Log?
  • 2. what is Logwatch?
  • 3. try to use Logwatch
  • 4. summary

What is Log?

It is a diary that the computer keeps. In brief, it is a diary of what the computer has done and what has happened."Records.Therefore, the log is Therefore, the log contains"Who did what, when, and by often recorded.

concrete example
Who came to visit your website? → Access log
I've done something wrong" → Error log
・"Let's investigate it" → There are many other things such as debug log

On a Linux server, the installed applications output various logs on a daily basis. For the stable operation of the server, it is very important to check those logs to see if there are any problems.

However, checking the log every day is a very time-consuming task. The more units you have, the more you need to check, so you tend to put it off. In addition, since the number of output logs themselves is huge, it is possible to overlook important error parts.

What is Logwatch?

Logwatch is a tool that analyzes various log files and makes the Log into a form that people can easily see. Normally, if you install it, it will be registered as a Cron job and run every day, so your daily management tasks will be a little easier.

You can also send the results by email, so it is a good idea to have an email address for receiving the results.

Install Logwatch
Here we are using Amazon Linux.

sudo yum install logwatch

With just the above command, logwatch and dependency packages will be installed.
With Amazon Linux, 7.3.6 will be installed.
Logwatch configuration
The default configuration is written in /usr/share/logwatch/default.conf/logwatch.conf. Do not change this file, but write the items you want to change from the default configuration in /etc/logwatch/conf/logwatch.conf. This file is not changed.

You can set the destination of the report in MailTo, so you can check the operation by writing only MailTo in /etc/logwatch/conf/logwatch.conf.

MailTo = the email address to which you want to send the report

Try to use Logwatch

After the above MailTo setting, you can test it with the following command, please try.

sudo logwatch -output mail

If your email address is set correctly, you will receive an email in the form of Logwatch for hoge (the hoge part is the Hostname of the server).


Logwatch is a monitoring tool that compiles server logs into easy-to-read reports that are emailed to you daily. It's a bit of a hassle to check every day, but it will only find information about unauthorized access and errors, so be sure to read it to find problems. It is easy to deal with the problem if you just check whether there was anything different from the previous day.