Getting more out of LogWatch on a cPanel/WHM server

[Exa_Ankur]

I was searching for something else the other day and came across this (search for LogWatch on the page).
It changes the default paths for some of the log files so that they work on a cPanel/WHM server.
This will give you more reports in your daily LogWatch email - specifically, it adds exim, apache, courier and PureFTP logs.

Most tutorials only show you how to change the detail level or the email address in logwatch.conf.
So, I thought I'd share this piece of information.

I found that a few changes were necessary for my system.
So, I'll give all the steps I followed below:

1) After you have installed LogWatch, change the following in /usr/share/logwatch/default.conf/logwatch.conf :

Detail = High
MailTo = <your email address>

You can use Detail = Med if you want to reduce the details you get.

2) Add the following to /etc/logwatch/conf/override.conf (you may have to create the file):

logfiles/exim: LogFile = exim_mainlog
logfiles/http: LogFile = /usr/local/apache/logs/access_log
services/pop3: *OnlyService = cpanelpop
services/pop3: *RemoveHeaders = 1
services/pureftpd: LogFile = messages
services/pureftpd: $show_logins = 1
services/pureftpd: $show_logouts = 1
services/pureftpd: $show_new_connections = 1

So, if you are not bored reading LogWatch's daily logs and would like to increase your workload, you now know how to
How have you configured your LogWatch installation ? Or do you use something other than LogWatch ?

 

[handsonhosting]

wow - MORE information to parse through. I spend hours going thorugh logwatch files. I know there's a few systems out there for parsing logwatch information to make it easier to read. Anyone have any suggestions on better organization?

 

[JayWiz]

Very good information. It is indeed useful for me as webmaster.
I will look into my server configuration and changes all that necessary.
Thanks for your tutorial.

 

[bahman63]

Thanks for your tutorial.

 

[PowerDot]

Thank you for share your wisdom.