You can pick different levels of your logs of your system - low, medium and high security.
And you can pick what to monitor with your logging - http, sudo and more ...
This is a great way monitor you system - where you can pick to get yeasterdays logs or todays logs sent to your email.
First i just want to tell you how difficult it was to get all this working.
I try to get a working email system to work with my Ubuntu so Logwatch can send me emails using my Ubuntu system.
And i end up trying to configurating Postfix - i follow many guides online and none working.
This made me very angry.
But thanks to this great forum [ubuntu org] i describe my issue and got help to solve my problem.
A user suggest me to install SSMTP instead of Postfix and it did work direct after the first install and configuration.
After that i was going to install Logwatch - but then i notice that the guides say different things how to install Logwatch.
This was at first confusing - but at the end i solve the wrong information to a working solution to install and configurating Logwatch.
1) So now i will show you how to install and configurating the mail software SSMTP so you can get emails from Logwatch.
2) After getting SSMTP working i will show you how to install and configurating LOGWATCH.
3) During this installation process you need a gmail.com account to get this guide to work.
Installing and configurationg SSMTP to send emails from your Ubuntu system
First you run the following code to get updated system:
Kod: Markera allt
sudo apt-get update
Kod: Markera allt
sudo apt-get install ssmtp
After editing a file you click on "ctrl" and "o" to save the changes and click "enter" then close nano with "ctrl" and "x"
This is the all commands you need to open, save and close using nano.
Type the following in the command line:
Kod: Markera allt
sudo nano /etc/ssmtp/ssmtp.conf
You have to add the missing parts and add your email.
Kod: Markera allt
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=postmaster
root=MyEmailAddress@gmail.com
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
#mailhub=mail
mailhub=smtp.gmail.com:587
AuthUser=MyEmailAddress@gmail.com
AuthPass=MyPassword
UseTLS=YES
UseSTARTTLS=YES
# Where will the mail seem to come from?
#rewriteDomain=
rewriteDomain=gmail.com
# The full hostname
#hostname=MyMediaServer.home
hostname=MyEmailAddress@gmail.com
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES - See more at: http://www.havetheknowhow.com/Configure-the-server/Install-ssmtp.html#sthash.vpOeOryu.dpuf
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
#root=postmaster
root=MyEmailAddress@gmail.com
# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
#mailhub=mail
mailhub=smtp.gmail.com:587
AuthUser=MyEmailAddress@gmail.com
AuthPass=MyPassword
UseTLS=YES
UseSTARTTLS=YES
# Where will the mail seem to come from?
#rewriteDomain=
rewriteDomain=gmail.com
# The full hostname
#hostname=MyMediaServer.home
hostname=MyEmailAddress@gmail.com
# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES
But at first it will not work because gmail will complain about you being spamming the email account and also issue how the deamon can know your password to your gmail account.
Then gmail will ask if you want to change secutiry settings and you should answaer yes or activate the funktion allowing emails from your Ubuntu system.
When this is done you can test send email again - then it should work just fine.
This is how you send email using the command line with ssmtp:
Kod: Markera allt
ssmtp recipient_YourEmail@gmail.com
For example:
Kod: Markera allt
Hello world
Now you can check your email and you will see your message Hello world.
Here is the ssmtp guide i follow http://www.havetheknowhow.com/Configure ... ssmtp.html
Now when you get this working you can move on to next part - installing and configurating Logwatch.
Installing and configurationg LOGWATCH to send security logs to your email account:
First we install Logwatch
Kod: Markera allt
sudo apt-get install logwatch
Write the following code to create /var/cache/logwatch
Kod: Markera allt
sudo mkdir /var/cache/logwatch
We should copy logwatch.conf to /etc/logwatch/conf/ and that is the file we will configurate.
So now we copy the file using following code
Kod: Markera allt
sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
Kod: Markera allt
sudo nano /etc/logwatch/conf/logwatch.conf
Kod: Markera allt
Output = mail
MailTo = YourEmail@gmail.com
Kod: Markera allt
MailFrom = Logwatch
Kod: Markera allt
Range = Today
Kod: Markera allt
Detail = Medium
Just write logwatch in the command line and check your email account.
Kod: Markera allt
sudo logwatch
I post them in the order you should read and refering to the guides to understand what is correct settings with Logwatch.
First guide to use is https://help.ubuntu.com/community/Logwatch
Secound guide to use is https://wiki.amahi.org/index.php/Monito ... via_E-mail
And last guide to get more details https://www.digitalocean.com/community/ ... r-on-a-vps