Logwatch analyzes logs and generates reports. It is easily customizable, making it a flexible log analysis system.
Some distributions that include Logwatch may modify the default configuration to comply with the settings of said distributions. However, most people will not need to make any modifications to Logwatch.
New users can get started with Logwatch without having to modify the defaults. However, for more advanced users, starting with version 7.0, Logwatch implements a mechanism to allow for easier local system modification. These modifications may be needed either because the configuration of the service that writes to the system log has been altered from its default or because the Logwatch user prefers how the information is displayed or reported by Logwatch to be different.
You can customize the output of logwatch by modifying variables in the /etc/logwatch/conf directory. Default values are specified in the /usr/share/logwatch/default.conf directory, and additional defaults may be set by your distribution in the /usr/share/logwatch/dist.conf directory. All the variables available are declared in the files under these directories.
One variable available to all services, and which by default is not specified, is the 'Detail' variable. Specifying a Detail value will override the global Detail level, but only for that service. Overall, Logwatch is an excellent tool for analyzing logs, and with its customizability, it's highly recommended for advanced users who want more fine-grained control.
Version 7.3.4: N/A