Here's a modernized and updated guide tailored for AlmaLinux 8/9, CloudLinux 8/9, and cPanel/WHM environments (2025) to install and configure Logwatch, a system log analyzer and reporter:
Logwatch is a log analyzer that emails you a daily summary of system activity, which is essential for monitoring system health and suspicious activity.
Step 1: Install Logwatch (Latest Version)
Run the following command as root or via sudo:
dnf install logwatch -y
This installs the latest version from the official repos.
Alternate Install (Manual RPM)
If dnf doesn't provide the latest or desired version:
cd /usr/local/src
wget http://downloads.sourceforge.net/project/logwatch/logwatch-7.12/logwatch-7.12-1.noarch.rpm
dnf install perl-Date-Manip perl -y
rpm -Uvh logwatch-7.12-1.noarch.rpm
Step 2: Configure Logwatch
Edit the configuration file:
nano /usr/share/logwatch/default.conf/logwatch.conf
Update the following lines:
Output = mail
MailTo = [email protected]
MailFrom = [email protected]
Detail = High
Note: Set MailTo to an offsite email (like Gmail or ProtonMail) so you're still notified if your server is compromised.
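A check for the note above, as an added example that is not part of the original guide: it resolves the MailTo value Logwatch ends up with and flags recipients whose mail would be delivered on this same server. Assumptions: the override file /etc/logwatch/conf/logwatch.conf is read after the packaged defaults, cPanel's /etc/localdomains lists locally delivered domains, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not part of the original guide. Paths below are assumptions
# about a stock install: package defaults first, local overrides last.
LOGWATCH_CONFS="/usr/share/logwatch/default.conf/logwatch.conf
/usr/share/logwatch/dist.conf/logwatch.conf
/etc/logwatch/conf/logwatch.conf"

# effective_setting KEY FILE...
# Print the value of KEY after reading FILEs in order (the last one wins).
# Comment lines are skipped and KEY is matched case-insensitively.
effective_setting() {
    key=$1; shift
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; echo; fi
    done | awk -v k="$key" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            if (tolower(name) != tolower(k)) next
            val = substr($0, i + 1)
            sub(/^[ \t]*"?/, "", val); sub(/"?[ \t]*$/, "", val)
        }
        END { print val }'
}

# mailto_is_offsite ADDRESS [LOCALDOMAINS_FILE]
# Succeeds only if ADDRESS has a domain that this server does not deliver
# locally. /etc/localdomains is cPanel's list of locally delivered domains.
mailto_is_offsite() {
    addr=$1; list=${2:-/etc/localdomains}
    case $addr in *@?*) ;; *) return 1 ;; esac   # bare user such as "root"
    domain=$(printf '%s' "${addr##*@}" | tr 'A-Z' 'a-z')
    fqdn=$(hostname -f 2>/dev/null | tr 'A-Z' 'a-z')
    if [ "$domain" = localhost ] || [ "$domain" = "$fqdn" ]; then return 1; fi
    if [ -r "$list" ] && grep -qixF -- "$domain" "$list"; then return 1; fi
    return 0
}

# Report every recipient of the effective MailTo setting.
check_logwatch_mail() {
    echo "Output = $(effective_setting Output $LOGWATCH_CONFS)"
    for rcpt in $(effective_setting MailTo $LOGWATCH_CONFS); do
        if mailto_is_offsite "$rcpt"; then echo "offsite: $rcpt"
        else echo "LOCAL:   $rcpt (report stays on this server)"; fi
    done
}

if [ "${1:-}" = "--run" ]; then check_logwatch_mail; fi
```

Run the script with `--run` on the server; a `LOCAL:` line means that copy of the report lives on the machine it describes.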
Step 3: Schedule Logwatch via Cron (Optional)
Logwatch typically runs daily via /etc/cron.daily/00-logwatch. If not, you can add a manual cron job:
crontab -e
Add:
0 6 * * * /usr/sbin/logwatch --output mail --mailto [email protected] --detail high
Step 4: Test Logwatch
Run manually to ensure it works:
logwatch --detail high --mailto [email protected] --output mail
Notes:
- Logwatch is ideal for detecting SSH brute force, failed logins, and service restarts.
- Pairs well with CSF/LFD, Imunify360, and other server monitoring tools.
- Works out of the box with cPanel servers as long as the mail system is properly configured.