Setup logcheck on Ubuntu 10.10
Logcheck is a nifty tool that reads all system and application logs for you, and then sends e-mails with reports of anomalies. It makes maintaining a server easier, and therefore increases security.
I couldn't find a guide for installing and setting it up on Ubuntu, so I decided to share my notes.
It was a pretty quick and painless process. After installing it by running
aptitude install logcheck
you should add your email address to the configuration file
/etc/logcheck/logcheck.conf
Set SENDMAILTO to the email address that should receive the log digests.
By default logcheck runs at 2 minutes past every hour. I changed this to run at 7:02, which is done by editing the file
/etc/cron.d/logcheck
Now it's time to check if this works. Running logcheck
won't work, since logcheck should be run as the logcheck user. To do this, run
sudo -u logcheck logcheck
as root. Did you get an email? No? Then the message is probably stuck in a spam filter, unless you have spent a lot of time making sure spam filters will accept emails from your server.
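The two edits above (SENDMAILTO in /etc/logcheck/logcheck.conf and the run time in /etc/cron.d/logcheck) can be scripted and read back for verification. This is an added example, not part of the original notes: the function names are made up for the illustration, the sample file contents are constructed, and it assumes the cron entry uses the system crontab layout with a user field.

```shell
#!/bin/sh
# Added example. File contents used in the demo are constructed samples.

# Rewrite FILE in place (same inode) so owner and mode are preserved;
# logcheck.conf must stay readable by the logcheck user.
apply_sed() {   # apply_sed FILE SED-ARGS...
    file=$1; shift
    tmp=$(mktemp) || return 1
    sed "$@" "$file" > "$tmp" && cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# set_sendmailto FILE ADDRESS: replace the SENDMAILTO assignment, or append one.
set_sendmailto() {
    # Accept only plain address characters: the value is written into a
    # file of shell-style assignments and into a sed replacement.
    case $2 in *[!A-Za-z0-9@._+-]*|'') echo "bad address: $2" >&2; return 1 ;; esac
    if grep -q '^[[:space:]]*SENDMAILTO=' "$1"; then
        apply_sed "$1" "s|^[[:space:]]*SENDMAILTO=.*|SENDMAILTO=\"$2\"|"
    else
        printf 'SENDMAILTO="%s"\n' "$2" >> "$1"
    fi
}

# set_daily_schedule FILE MINUTE HOUR: make the periodic logcheck entry
# ("M H * * * logcheck ...") run once a day; the @reboot entry is untouched.
set_daily_schedule() {
    for n in "$2" "$3"; do
        case $n in *[!0-9]*|'') echo "bad time: $2 $3" >&2; return 1 ;; esac
    done
    [ "$2" -le 59 ] && [ "$3" -le 23 ] || return 1
    ws='[[:space:]]+'
    apply_sed "$1" -E "s/^[0-9*]+$ws[0-9*]+(($ws\*){3}${ws}logcheck[[:space:]])/$2 $3\1/"
}

# Read the settings back for verification.
sendmailto_value() { sed -n 's/^[[:space:]]*SENDMAILTO="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1"; }
logcheck_schedule() { awk '$6 == "logcheck" && $1 != "@reboot" { print $1, $2 }' "$1"; }

# Demo on constructed copies; on a server the paths are the two from the post.
demo=$(mktemp -d)
printf '%s\n' 'SENDMAILTO="logcheck"' > "$demo/logcheck.conf"
printf '%s\n' '@reboot     logcheck  /usr/sbin/logcheck' \
              '2 * * * *   logcheck  /usr/sbin/logcheck' > "$demo/cron"
set_sendmailto "$demo/logcheck.conf" admin@example.org
set_daily_schedule "$demo/cron" 2 7
echo "SENDMAILTO=$(sendmailto_value "$demo/logcheck.conf") schedule=$(logcheck_schedule "$demo/cron")"
rm -rf "$demo"
```

After running it against the real files, the test run described above (sudo -u logcheck logcheck) still confirms that mail is actually delivered.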
Good luck, and let me know how it worked for you :-)
Update for Ubuntu 11.04
I tried this guide on Ubuntu 11.04, and it works the same.