How to setup Logwatch on Ubuntu-based systems

Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Logwatch is being used for Linux and many types of UNIX. (refer to Logwatch manual)

Install logwatch using the following command:

sudo apt-get install logwatch

Note: Ensure that your server has a fully working email server.

Configure logwatch:

Copy logwatch.conf to /etc/logwatch before editing:

sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Edit logwatch.conf to change defaults configuration settings, such as the e-mail where you want to sent the report:

sudo vim /etc/logwatch/conf/logwatch.conf

Make the following changes:

Output = mail
Format = html
MailTo = myemail@myispmailserver.com

Detail level of the logwatch report can be Low, Med or High. Default level is Low: (I prefer Med)
Detail = Med

Always: more details about logwatch can be found in its manual: man logcheck

There are several configuration files per service in the /usr/share/logwatch/default.conf/logfiles/ path. To enable a service report copy it at /etc/logwatch/conf/logfiles/ e.g.:

cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/ 

For More Information man logwatch
Interesting links:

Maybe sometimes we have to create the following folder:

sudo mkdir /var/cache/logwatch