Checking logfiles with logcheck

If you own a private server, like me, you’ll probably know the feeling that you need to check your logfiles every now and then. It’s not a lot of work and it’s not difficult, but it needs to be done, and it needs to be done regularly.

As for me, the solution is simple. I installed the logcheck tool. This nice little tool will send you a daily email with all logging information on your system. That sounds like an awful lot of spam on a daily basis, but thankfully that is not the case.

Logcheck will “remember” the last log messages it sent you, so it’ll only send you new ones. And it doesn’t copy all logfiles; it just uses a few relevant ones. On Debian, those are /var/log/syslog and /var/log/auth.log by default, but adding file names to /etc/logcheck/logcheck.logfiles will make logcheck scan those files as well. As an example, I’ve included the error logs for my web server and mail server: it’ll notify me when someone is scanning either one for attack options, and it’ll also tell me when either one is about to die.
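The "remembering" described above comes down to storing a position per log file and reading only what was appended after it. The following Python sketch is an added example, not logcheck's own code; the function names, the JSON state file and the sample log lines are constructed for illustration.

```python
import json
import os
import tempfile

def read_new_lines(log_path, state_path):
    """Return complete lines added to log_path since the previous call."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    st = os.stat(log_path)
    # A different inode or a file shorter than the saved offset means the
    # log was rotated or truncated: start again from the beginning.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as fh:
        fh.seek(state["offset"])
        data = fh.read()
    # Consume only complete lines; a half-written last line waits for next run.
    end = data.rfind(b"\n") + 1
    state["offset"] += end
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)  # atomic swap, so a crash never corrupts state
    return data[:end].decode("utf-8", "replace").splitlines()

def demo():
    """Run the reader over a constructed auth.log, including a rotation."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        state = os.path.join(d, "auth.log.offset")  # hypothetical state file
        with open(log, "w") as fh:  # constructed sample line
            fh.write("Jan 10 03:12:01 host sshd[811]: Failed password for root\n")
        first = read_new_lines(log, state)
        second = read_new_lines(log, state)  # nothing appended since first run
        with open(log, "a") as fh:
            fh.write("Jan 10 03:12:05 host sshd[811]: Failed password for admin\n")
        third = read_new_lines(log, state)
        os.rename(log, log + ".1")  # simulate log rotation
        with open(log, "w") as fh:
            fh.write("Jan 11 00:00:02 host sshd[902]: Server listening\n")
        fourth = read_new_lines(log, state)
        return first, second, third, fourth

if __name__ == "__main__":
    for batch in demo():
        print(batch)
```

The rotation check matters for a security report: without it, the lines written to a freshly rotated auth.log would be skipped until the new file grew past the old offset.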

Logcheck is available in

… or just cook your own using the source package.