Markus Hedlund

Developer / Photographer

Contact / GitHub / Instagram

Setup logcheck on Ubuntu 10.10

Logcheck is a nifty tool that reads all system and application logs for you, and then send e-mails with reports of anomalies. It makes maintaining a server easier, and therefore increases security.

I couldn't find a guide for installing and setting up on Ubuntu, so I decided to share my notes.

It was a pretty quick and painless process. After installing it by running

aptitude install logcheck

you should add your email address to the configuration file


Change SENDMAILTO with the email address you want to receive the log digests to.

By default logcheck is run 2 minutes past every hour. I changed this to run 7:02, which is done by editing the file


Now it's time to check if this works. Running logcheck won't work, since logcheck should be run as the logcheck user. To do this, run

sudo -u logcheck logcheck

as root. Did you get an email? No? Then the message probably is stuck in the spam filter, if you haven't spent a lot of time, making sure spam filters will accept emails from your server.

Good luck, and let me know how it worked for you :-)

Update for Ubuntu 11.04

I tried this guide on Ubuntu 11.04, and it works the same.