🛡️ Install and Configure Logwatch (2025)

This guide covers installing and configuring Logwatch, a system log analyzer and reporter, on AlmaLinux 8/9, CloudLinux 8/9, and cPanel/WHM environments (2025).

Logwatch is a log analyzer that emails you a daily summary of system activity, which is essential for monitoring system health and suspicious activity.


✅ Step 1: Install Logwatch (Latest Version)

Run the following command as root or via sudo:

dnf install logwatch -y

This installs the latest version from the official repos.


Alternate Install (Manual RPM)

If dnf doesn't provide the latest or desired version:

cd /usr/local/src
wget http://downloads.sourceforge.net/project/logwatch/logwatch-7.12/logwatch-7.12-1.noarch.rpm
dnf install perl-Date-Manip perl -y
rpm -Uvh logwatch-7.12-1.noarch.rpm

⚙️ Step 2: Configure Logwatch

Edit the configuration file:

nano /usr/share/logwatch/default.conf/logwatch.conf

Update the following lines:

Output = mail
MailTo = [email protected]
MailFrom = [email protected]
Detail = High

Note: Set MailTo to an offsite email (like Gmail or ProtonMail) so you're still notified if your server is compromised.
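
A quick audit of the Step 2 settings, as an added example that is not part of the original guide: it reads a logwatch.conf and fails when Output is not mail, Detail is unset, or MailTo is a local account or an address on the server's own domain. The helper names, the sample config and server.example.com are assumptions, as are treating the last assignment of a key as the effective one and MailTo as a single address.

```shell
#!/bin/sh
# Added example; conf_get and audit_logwatch_conf are hypothetical helpers.

# Print the last value assigned to KEY in FILE. Keys match case-insensitively
# and "#" comment lines are skipped.
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$2"
}

# Return 0 only if FILE mails reports to an address outside LOCAL_DOMAIN.
audit_logwatch_conf() {
    file=$1; local_domain=$2; rc=0
    output=$(conf_get Output "$file" | tr 'A-Z' 'a-z')
    mailto=$(conf_get MailTo "$file")
    detail=$(conf_get Detail "$file")
    [ "$output" = "mail" ] || { echo "Output is '$output', expected mail"; rc=1; }
    case $mailto in
        *@"$local_domain" | *@*."$local_domain")
            echo "MailTo '$mailto' is on this server's own domain"; rc=1 ;;
        *@*) ;;  # address on another domain: off-site delivery
        *)  echo "MailTo '$mailto' is a local account"; rc=1 ;;
    esac
    [ -n "$detail" ] || { echo "Detail is not set"; rc=1; }
    return $rc
}

# Constructed sample config (not from a real server): reports go to local root.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Output = mail' 'MailTo = root' \
    'Detail = High' > "$sample"
audit_logwatch_conf "$sample" server.example.com || echo "audit: fix the settings above"
rm -f "$sample"
```

Pass the file edited in Step 2 and the server's own mail domain as arguments. The same check applies to /etc/logwatch/conf/logwatch.conf, the local override file Logwatch reads in addition to the packaged defaults.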


📅 Step 3: Schedule Logwatch via Cron (Optional)

Logwatch typically runs daily via /etc/cron.daily/00-logwatch. If not, you can add a manual cron job:

crontab -e

Add:

0 6 * * * /usr/sbin/logwatch --output mail --mailto [email protected] --detail high

📬 Step 4: Test Logwatch

Run manually to ensure it works:

logwatch --detail high --mailto [email protected] --output mail

Notes:

  • Logwatch is ideal for detecting SSH brute force, failed logins, and service restarts.
  • Pairs well with CSF/LFD, Imunify360, and other server monitoring tools.
  • Works out of the box with cPanel servers as long as the mail system is properly configured.