Setup logcheck on Ubuntu 10.10

Logcheck is a nifty tool that reads all system and application logs for you, and then send e-mails with reports of anomalies. It makes maintaining a server easier, and therefore increases security.

I couldn't find a guide for installing and setting up on Ubuntu, so I decided to share my notes.

It was a pretty quick and painless process. After installing it by running

aptitude install logcheck

you should add your email address to the configuration file

/etc/logcheck/logcheck.conf

Change SENDMAILTO with the email address you want to receive the log digests to.

By default logcheck is run 2 minutes past every hour. I changed this to run 7:02, which is done by editing the file

/etc/cron.d/logcheck

Now it's time to check if this works. Running logcheck won't work, since logcheck should be run as the logcheck user. To do this, run

sudo -u logcheck logcheck

as root. Did you get an email? No? Then the message probably is stuck in the spam filter, if you haven't spent a lot of time, making sure spam filters will accept emails from your server.

Good luck, and let me know how it worked for you :-)

Update for Ubuntu 11.04

I tried this guide on Ubuntu 11.04, and it works the same.