Install Logwatch   IMPORTANT NOTE:  This document is based on CentOS, RedHat Linux 7.3 and Enterprise.  The concepts should be similar across operating systems, but the commands will very likely be different.  Also, never assume the directory structures exist in your system as written in the document.  Never blindly follow security instructions -- read, review, compare, apply as it fits your system. Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is easy to use and will work right out of the package on most systems. Complete details can be found at: http://www.logwatch.org/   Log into each server as root. An old version of logwatch may already be installed on your system.  Please take the following steps to install or update: rpm -qa | grep logwatch If there are no results, then you do not have logwatch installed. See installation steps. If the results show an older version of logwatch then you can update it per upgrade steps. Now, download the latest version from http://www.logwatch.org/tabs/download/ mkdir -p /usr/local/src/rpm cd /usr/local/src/rpm wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm Installation Steps rpm -ivh logwatch-7.3.6-1.noarch.rpm Upgrade Steps rpm -Uvh logwatch-7.3.6-1.noarch.rpm Detailed documentation can be found at http://www.logwatch.org/tabs/docs/logwatch.8.html The settings for logwatch can be configured in /usr/share/logwatch/default.conf/logwatch.conf These settings are described on the logwatch.org site at: http://www.logwatch.org/tabs/docs/logwatch.8.html  Assume the following nomenclature: # Yes = True = On = 1 # No = False = Off = 0 The following are some of the settings that I recommend changing to suit your application. Note that there are other settings in this file with detailed descriptions that you can also change to suit your needs: # Default person to mail reports to. Can be a local account or a # complete email address. (I recommend a complete email address rather than the default root) MailTo = root@yourdomain.com Uncomment searching the archives. If you do so, the Range must then be set to ALL. # Use archives? If set to 'Yes', the archives of logfiles # (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will # be searched in addition to the /var/log/messages file. # This usually will not do much if your range is set to just # 'Yesterday' or 'Today'... it is probably best used with #Archives = Yes Range = Yesterday # The default time range for the report... # The current choices are All, Today, Yesterday # Range = All # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = High IMPORTANT NOTE:  This document and all linked document is being provided as a good will gesture to the Parallels H-Sphere community and to others who may benefit from its use.  Dynamic Net, Inc. makes no representations implied or explicit as to their value or warranty. Dynamic Net, Inc. will not be held liable for any damage resulting in the application of the steps and procedures noted.  If you feel uncomfortable at all about doing any of the steps, make a complete system backup and hire a third party like We Manage Servers to do the work for you.