I have set up Logwatch on my (Debian) system. Mailing etc works well.
What I would like to is to get a daily report of the system once a day
To receive any high level (failed login attempts, attacks -if possible- etc) immediately as they happen.
Which settings do I need to modify and modify with what exactly? I am quite a newbie when it comes to working with systems and I did my research on Google but the results only lead me thus far.
Assuming you’re using rsyslog, which is the default on Debian squeeze:
Use rsyslog’s mail output module to send yourself email. You can configure which messages get sent to you in the usual way:
or by matching text in the log message:
if $msg contains 'hard disk fatal failure' then :ommail:;mailBody
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.