Logcheck for Linux

Managing and reviewing system logs is vital for security. Here's a tool that helps you get that job done on Linux.

ITPro Today

January 30, 2007


Managing and reviewing system logs is vital for security. If you operate a network that uses both Windows and Linux, you probably have a log consolidation tool to help you pool information into central repositories. Or maybe you manage Linux servers where you can't pool logs for whatever reason. If you're in the latter group, there's a tool that you might find useful.

Logcheck is a simple and highly configurable shell script that can be run as a cron job. It scans whichever log files you want to examine and looks for information based on regular expressions (regex). When it finds information that matches your regex definitions, it emails you a report with the details. In its basic configuration it looks for problems related to security (authentication, failed logins, etc.) and service operation (service failures, etc.).
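The scan-and-report cycle described above, as an added example that is not Logcheck's own code: it reads only the lines appended since the previous run, keeps those matching an alert regex, and drops those matching an ignore regex. The function names, file names, byte-offset state file, and sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration of regex-driven log review (not Logcheck's own code).

# scan_new_lines LOG STATE ALERT_RE IGNORE_RE
# Prints lines added to LOG since the previous run that match a regex in
# ALERT_RE and no regex in IGNORE_RE. STATE holds the last byte offset read.
scan_new_lines() {
    log=$1; state=$2; alerts=$3; ignores=$4
    offset=0
    if [ -f "$state" ]; then offset=$(cat "$state"); fi
    size=$(wc -c < "$log" | tr -d ' ')
    # A file smaller than the saved offset was rotated or truncated.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    tail -c +"$((offset + 1))" "$log" | head -c "$((size - offset))" |
        grep -E -f "$alerts" | grep -E -v -f "$ignores" || true
    echo "$size" > "$state"
}

# make_sample DIR: writes a constructed auth log and both pattern files.
make_sample() {
    cat > "$1/auth.log" <<'EOF'
Jan 30 03:12:01 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 4711 ssh2
Jan 30 03:12:05 web1 sshd[2214]: Accepted publickey for deploy from 198.51.100.7 port 5022 ssh2
Jan 30 03:12:30 web1 sshd[2219]: Failed password for probe from 192.0.2.99 port 4800 ssh2
Jan 30 03:14:10 web1 su[2310]: FAILED su for root by www-data
EOF
    # One extended regex per line: what counts as worth reporting.
    printf '%s\n' 'Failed password' 'FAILED su' 'authentication failure' \
        > "$1/alert.re"
    # Known noise to suppress: a (hypothetical) monitoring host at 192.0.2.99.
    printf '%s\n' 'from 192\.0\.2\.99 port' > "$1/ignore.re"
}

# Demo: the first run reports two lines, the second (no new data) reports none.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir"
    echo "== first run =="
    scan_new_lines "$dir/auth.log" "$dir/offset" "$dir/alert.re" "$dir/ignore.re"
    echo "== second run (nothing new) =="
    scan_new_lines "$dir/auth.log" "$dir/offset" "$dir/alert.re" "$dir/ignore.re"
    rm -rf "$dir"
}
demo
```

Run from cron, the output of `scan_new_lines` would be piped to a mailer so that an empty result sends nothing and a non-empty one becomes the report.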

You can find Logcheck packages for many Linux distributions, so installation is relatively simple. If there isn't a package available for your platform, you can download the tool and install it manually.

An alternative that is very similar to Logcheck is Logwatch. It performs the same basic tasks as Logcheck, with the main difference being that it's a Perl script.
