Setup logcheck on Ubuntu 10.10
Logcheck is a nifty tool that reads all system and application logs for you, and then sends e-mails with reports of anomalies. It makes maintaining a server easier, and therefore increases security.
I couldn't find a guide for installing and setting up on Ubuntu, so I decided to share my notes.
It was a pretty quick and painless process. After installing it by running
aptitude install logcheck
you should add your email address to the configuration file
Set SENDMAILTO to the email address that should receive the log digests.
By default logcheck runs at 2 minutes past every hour. I changed this to run at 7:02, which is done by editing the file
Now it's time to check if this works. Running
logcheck won't work, since logcheck should be run as the logcheck user. To do this, run
sudo -u logcheck logcheck
as root. Did you get an email? No? Then the message is probably stuck in a spam filter, unless you have already spent a lot of time making sure spam filters will accept emails from your server.
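The two edits described above, scripted as an added example (not from the original post or the logcheck project). The file paths are passed in as arguments, and the script assumes a shell-style SENDMAILTO="..." assignment and a single-space-separated "2 * * * *" cron entry; the sample file contents are constructed.

```shell
#!/bin/sh
# Added example. File paths are passed in by the caller; sample contents are constructed.

# replace_line FILE SED_EXPR: edit in place while keeping the file's owner and mode.
replace_line() {
    tmp=$(mktemp) || return 1
    sed "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# set_sendmailto FILE ADDRESS: point the SENDMAILTO= line at ADDRESS.
set_sendmailto() {
    case $2 in
        *[!A-Za-z0-9@._+-]*) echo "refusing address: $2" >&2; return 1 ;;  # no shell metacharacters
        ?*@?*) ;;
        *) echo "not an address: $2" >&2; return 1 ;;
    esac
    grep -q '^SENDMAILTO=' "$1" || { echo "no SENDMAILTO line in $1" >&2; return 1; }
    replace_line "$1" "s|^SENDMAILTO=.*|SENDMAILTO=\"$2\"|"
}

# set_daily_run FILE HOUR: change the hourly "2 * * * *" entry to run once a day at HOUR:02.
set_daily_run() {
    case $2 in ''|*[!0-9]*) echo "bad hour: $2" >&2; return 1 ;; esac
    [ "$2" -le 23 ] || { echo "bad hour: $2" >&2; return 1; }
    grep -q '^2 \* \* \* \* ' "$1" || { echo "no hourly entry in $1" >&2; return 1; }
    replace_line "$1" "s|^2 \* \* \* \* |2 $2 * * * |"
}

# Constructed stand-ins for the two files the steps above edit.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'SENDMAILTO="root"' > "$dir/conf"
    printf '%s\n' '2 * * * * logcheck COMMAND' > "$dir/cron"
    set_sendmailto "$dir/conf" 'admin@example.org' && set_daily_run "$dir/cron" 7
    cat "$dir/conf" "$dir/cron"
    rm -rf "$dir"
}
demo
```

Both functions refuse to touch a file that lacks the expected line, so running them a second time fails loudly instead of silently doing nothing.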
Good luck, and let me know how it worked for you :-)
Update for Ubuntu 11.04
I tried this guide on Ubuntu 11.04, and it works the same.